CVE-2013-1405

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Published: Feb 15, 2013
Updated: Apr 13, 2023
CVE: CVE-2013-1405
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
vmware / vcenter_server	4.0-update_4	4.0-update_4.x
vmware / vcenter_server	4.1-update_3	4.1-update_3.x
vmware / virtualcenter	2.5	2.5.x
vmware / vsphere_client	4.0-update_4	4.0-update_4.x
vmware / vsphere_client	4.1-update_3	4.1-update_3.x
vmware / vi-client	2.5	2.5.x
vmware / esxi	4.1	4.1.x
vmware / esxi	4.0-1	4.0-1.x
vmware / esxi	3.5	3.5.x
vmware / esxi	4.0	4.0.x
vmware / esxi	4.0-3	4.0-3.x
vmware / esxi	3.5-1	3.5-1.x
vmware / esxi	4.0-4	4.0-4.x
vmware / esxi	4.0-2	4.0-2.x
vmware / esx	3.5-update2	3.5-update2.x
vmware / esx	4.1	4.1.x
vmware / esx	3.5-update1	3.5-update1.x
vmware / esx	3.5	3.5.x
vmware / esx	3.5-update3	3.5-update3.x
vmware / esx	4.0	4.0.x

http://www.vmware.com/security/advisories/VMSA-2013-0001.html

Vulnerability Database

289,599

CVE-2013-1405