CVE-2013-5973
VMware ESX 4.0-4.1 and ESXi 4.0-5.5 - Arbitrary File Read and Write via vCenter Add Existing Disk Action
Title source: llmDescription
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.
References (8)
Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/89938
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/530482/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/101387
Third Party Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN13154935/index.html
Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2013-0016.html
Third Party Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/64491
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1029529
Scores
EPSS
0.0003
EPSS Percentile
10.1%
Details
CWE
CWE-264
Status
published
Products (6)
vmware/esx
4.0
vmware/esx
4.1
vmware/esxi
4.0 (5 CPE variants)
vmware/esxi
4.1 (3 CPE variants)
vmware/esxi
5.0 (3 CPE variants)
vmware/esxi
5.1
Published
Dec 23, 2013
Tracked Since
Feb 18, 2026