10

CVE-2013-1405

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Data is provided by the National Vulnerability Database (NVD)
VMwareVcenter Server Version4.0 Updateupdate_4
VMwareVcenter Server Version4.1 Updateupdate_3
VMwareVirtualcenter Version2.5
VMwareVsphere Client Version4.0 Updateupdate_4
VMwareVsphere Client Version4.1 Updateupdate_3
VMwareVi-client Version2.5
VMwareESXi Version3.5
VMwareESXi Version3.5 Update1
VMwareESXi Version4.0
VMwareESXi Version4.0 Update1
VMwareESXi Version4.0 Update2
VMwareESXi Version4.0 Update3
VMwareESXi Version4.0 Update4
VMwareESXi Version4.1
VMwareEsx Version3.5
VMwareEsx Version3.5 Updateupdate1
VMwareEsx Version3.5 Updateupdate2
VMwareEsx Version3.5 Updateupdate3
VMwareEsx Version4.0
VMwareEsx Version4.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.9% 0.735
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.