CVE-2013-1405 - Vulnerability Details

Vendors	Products
Vmware	Esx Esxi Vcenter Server Vi-client Virtualcenter Vsphere Client

Link	Providers
http://www.vmware.com/security/advisories/VMSA-2013-0001.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-02-15T11:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1405", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T14:57:05.140Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1405", "datePublished": "2013-02-15T11:00:00Z", "dateReserved": "2013-01-19T00:00:00Z", "dateUpdated": "2024-09-17T03:38:50.720Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2013-02-15T11:00:00Z (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2013-0001.html (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2013-1405 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : http://www.vmware.com/security/advisories/VMSA-2013-0001.html (string)

refsource : CONFIRM (string)

url : http://www.vmware.com/security/advisories/VMSA-2013-0001.html (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T14:57:05.140Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2013-0001.html (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2013-1405 (string)

datePublished : 2013-02-15T11:00:00Z (string)

dateReserved : 2013-01-19T00:00:00Z (string)

dateUpdated : 2024-09-17T03:38:50.720Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vcenter_server:4.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "8BDBAABE-D43C-491B-A3D2-8A625A8524E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vcenter_server:4.1:update_3:*:*:*:*:*:*", "matchCriteriaId": "05AA5E52-299B-4B2A-AB6C-909005831AD5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "D17E8DFD-AC99-45E6-81F9-ED66369FBD0A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vsphere_client:4.0:update_4:*:*:*:*:*:*", "matchCriteriaId": "D07E4CB7-7337-454A-8088-ADD06CDF39A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:vsphere_client:4.1:update_3:*:*:*:*:*:*", "matchCriteriaId": "ECE82311-7CA2-4E73-8EDB-AE399E14A860", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "671C0883-F9AE-45F9-9632-4373A4E93E80", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "FAE88D8C-9CC3-46D1-9F26-290BC679F47E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*", "matchCriteriaId": "58ED8AB4-0FDF-4752-B44E-56F58593CE41", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*", "matchCriteriaId": "0A4E41C0-31FA-47AA-A9BF-B9A6C1D44801", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*", "matchCriteriaId": "AF016EE7-083A-4D62-A6D4-2807EB47B6DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*", "matchCriteriaId": "8F11844A-3C6C-4AA5-87DC-979AFF62867A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*", "matchCriteriaId": "AC463653-A599-45CF-8EA9-8854D5C59963", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4BDE707D-A1F4-4829-843E-F6633BB84D6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*", "matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:*", "matchCriteriaId": "37A5D726-3D38-44D5-B509-1B8B003903A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:*", "matchCriteriaId": "A4DA3B20-A743-4F37-A095-65161FFBEB73", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:*", "matchCriteriaId": "FF7C3C65-BE63-407E-9CFD-E571025C3E79", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors."}, {"lang": "es", "value": "VMware vCenter Server v4.0 anteriormente Update v4b y v4.1 anteriormente Update v3a, VMware VirtualCenter v2.5, VMware vSphere Client v4.0 anteriormente Update v4b y 4.1 anteriormente Update v3a, VMware VI-Client v2.5, VMware ESXi v3.5 hasta v4.1, y VMware ESX v3.5 hasta v4.1 no implementa correctamente el protocolo de gesti\u00f3n de autentificaci\u00f3n, el cual permite a servidores remotos ejecutar c\u00f3digo o causar una denegaci\u00f3n de servicios en la memoria corrupta por vectores sin especificar."}], "id": "CVE-2013-1405", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-02-15T12:09:29.227", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2013-0001.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:4.0:update_4:*:*:*:*:*:* (string)

matchCriteriaId : 8BDBAABE-D43C-491B-A3D2-8A625A8524E6 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:vmware:vcenter_server:4.1:update_3:*:*:*:*:*:* (string)

matchCriteriaId : 05AA5E52-299B-4B2A-AB6C-909005831AD5 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : D17E8DFD-AC99-45E6-81F9-ED66369FBD0A (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:vsphere_client:4.0:update_4:*:*:*:*:*:* (string)

matchCriteriaId : D07E4CB7-7337-454A-8088-ADD06CDF39A3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:vmware:vsphere_client:4.1:update_3:*:*:*:*:*:* (string)

matchCriteriaId : ECE82311-7CA2-4E73-8EDB-AE399E14A860 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:* (string)

matchCriteriaId : 671C0883-F9AE-45F9-9632-4373A4E93E80 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : FAE88D8C-9CC3-46D1-9F26-290BC679F47E (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:* (string)

matchCriteriaId : 58ED8AB4-0FDF-4752-B44E-56F58593CE41 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 13771B15-CD71-472A-BE56-718B87D5825D (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:* (string)

matchCriteriaId : 0A4E41C0-31FA-47AA-A9BF-B9A6C1D44801 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:* (string)

matchCriteriaId : AF016EE7-083A-4D62-A6D4-2807EB47B6DB (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:* (string)

matchCriteriaId : 8F11844A-3C6C-4AA5-87DC-979AFF62867A (string)

vulnerable : true (boolean)

}

6 : { »

criteria : cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:* (string)

matchCriteriaId : AC463653-A599-45CF-8EA9-8854D5C59963 (string)

vulnerable : true (boolean)

}

7 : { »

criteria : cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4BDE707D-A1F4-4829-843E-F6633BB84D6D (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

5 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:* (string)

matchCriteriaId : BFF29100-E124-4416-95CF-18B4246D43F2 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:* (string)

matchCriteriaId : 37A5D726-3D38-44D5-B509-1B8B003903A0 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:* (string)

matchCriteriaId : A4DA3B20-A743-4F37-A095-65161FFBEB73 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:* (string)

matchCriteriaId : FF7C3C65-BE63-407E-9CFD-E571025C3E79 (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : BC337BB7-9A45-4406-A783-851F279130EE (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. (string)

}

1 : { »

lang : es (string)

value : VMware vCenter Server v4.0 anteriormente Update v4b y v4.1 anteriormente Update v3a, VMware VirtualCenter v2.5, VMware vSphere Client v4.0 anteriormente Update v4b y 4.1 anteriormente Update v3a, VMware VI-Client v2.5, VMware ESXi v3.5 hasta v4.1, y VMware ESX v3.5 hasta v4.1 no implementa correctamente el protocolo de gestión de autentificación, el cual permite a servidores remotos ejecutar código o causar una denegación de servicios en la memoria corrupta por vectores sin especificar. (string)

}

]

id : CVE-2013-1405 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : COMPLETE (string)

baseScore : 10 (number)

confidentialityImpact : COMPLETE (string)

integrityImpact : COMPLETE (string)

vectorString : AV:N/AC:L/Au:N/C:C/I:C/A:C (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 10 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2013-02-15T12:09:29.227 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2013-0001.html (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : http://www.vmware.com/security/advisories/VMSA-2013-0001.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-287 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object