CVE-2013-1659

VMware vCenter Server and ESXi/ESX - Remote Code Execution or Denial of Service via NFC Protocol Tampering

Title source: llm

Description

VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2013-0003.html

Scores

EPSS 0.0088

EPSS Percentile 75.6%

Details

Status published

Products (9)

vmware/esxi 3.5 (2 CPE variants)

vmware/esxi 4.0 (5 CPE variants)

vmware/esxi 4.1 (3 CPE variants)

vmware/esxi 5.0 (3 CPE variants)

vmware/esxi 5.1

vmware/vcenter_server 4.0 (6 CPE variants)

vmware/vcenter_server 5.0 (2 CPE variants)

vmware/vcenter_server_appliance 5.1

vmware/vcenter_server_appliance 5.1.0a

Published Feb 22, 2013

Tracked Since Feb 18, 2026