Vcenter Server
CVE-2013-1405
CRITICAL
Severity by source
AV:N/AC:L/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
AnalysisAI
VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Affected products include: Vmware Vcenter Server, Vmware Virtualcenter, Vmware Vsphere Client, Vmware Vi-Client, Vmware Esxi. Version information: through 4.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Vcenter Server
View allThe JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not r
The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CV
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual
The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical sev
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. Rated h
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi
The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). Rated cri
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before upd
VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. Rated critical severity (C
The vCenter Server contains a privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. Rated critical s
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today