Vulnerability Details : CVE-2013-1405
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Vulnerability category: Memory CorruptionExecute codeBypassGain privilegeDenial of service
Threat overview for CVE-2013-1405
Top countries where our scanners detected CVE-2013-1405
Top open port discovered on systems with this issue
443
IPs affected by CVE-2013-1405 29
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2013-1405!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2013-1405
Probability of exploitation activity in the next 30 days: 0.22%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 59 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-1405
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2013-1405
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1405
-
http://www.vmware.com/security/advisories/VMSA-2013-0001.html
VMSA-2013-0001.4Vendor Advisory
Products affected by CVE-2013-1405
- cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:4.1:update_3:*:*:*:*:*:*
- cpe:2.3:a:vmware:vcenter_server:4.0:update_4:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:4.0:update_4:*:*:*:*:*:*
- cpe:2.3:a:vmware:vsphere_client:4.1:update_3:*:*:*:*:*:*
- cpe:2.3:a:vmware:vi-client:2.5:*:*:*:*:*:*:*