Vulnerability Details CVE-2013-1405
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.1%
CVSS Severity
CVSS v2 Score 10.0
References
Products affected by CVE-2013-1405
-
cpe:2.3:a:vmware:vcenter_server:4.0
-
cpe:2.3:a:vmware:vcenter_server:4.1
-
cpe:2.3:a:vmware:vi-client:2.5
-
cpe:2.3:a:vmware:virtualcenter:2.5
-
cpe:2.3:a:vmware:vsphere_client:4.0
-
cpe:2.3:a:vmware:vsphere_client:4.1
-
cpe:2.3:o:vmware:esx:3.5
-
cpe:2.3:o:vmware:esx:4.0
-
cpe:2.3:o:vmware:esx:4.1
-
cpe:2.3:o:vmware:esxi:3.5
-
cpe:2.3:o:vmware:esxi:4.0
-
cpe:2.3:o:vmware:esxi:4.1