CVE-2013-1405

Vmware Vcenter Server - Authentication Bypass

Title source: rule

Description

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

References (1)

[Vendor Advisory] http://www.vmware.com/security/advisories/VMSA-2013-0001.html

Scores

EPSS 0.0090

EPSS Percentile 75.5%

Classification

CWE

CWE-287

Status draft

Affected Products (20)

vmware/vcenter_server

vmware/virtualcenter

vmware/vsphere_client

vmware/vi-client

vmware/esxi

vmware/esx

... and 5 more

Timeline

Published Feb 15, 2013

Tracked Since Feb 18, 2026