CVE-2013-1405
VMware vCenter Server 4.0-4.1 and VirtualCenter 2.5 - Improper Authentication
Title source: llmDescription
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2013-0001.html
Scores
EPSS
0.0090
EPSS Percentile
76.0%
Details
CWE
CWE-287
Status
published
Products (12)
vmware/esx
3.5 (4 CPE variants)
vmware/esx
4.0
vmware/esx
4.1
vmware/esxi
3.5 (2 CPE variants)
vmware/esxi
4.0 (5 CPE variants)
vmware/esxi
4.1
vmware/vcenter_server
4.0 update_4
vmware/vcenter_server
4.1 update_3
vmware/vi-client
2.5
vmware/virtualcenter
2.5
... and 2 more
Published
Feb 15, 2013
Tracked Since
Feb 18, 2026