Executive Summary
Summary | |
---|---|
Title | VMware ESXi and ESX address an NFC Protocol Unhandled Exception |
Information | |||
---|---|---|---|
Name | VMSA-2013-0011 | First vendor Publication | 2013-08-29 |
Vendor | VMware | Last vendor Modification | 2013-08-29 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
a. VMware ESXi and ESX NFC Protocol Unhandled Exception. VMware ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. VMware would like to thank Alex Chapman of Context Information Security for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1661 to this issue. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2013-0011.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:20830 | |||
Oval ID: | oval:org.mitre.oval:def:20830 | ||
Title: | VMware ESXi and ESX address an NFC Protocol Unhandled Exception | ||
Description: | VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2013-1661 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1, VMWare ESX Server 4.0 | Product(s): | |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-09-05 | IAVM : 2013-B-0096 - VMware ESX 4.1 and ESXi 4.1 Remote Denial of Service Vulnerability Severity : Category I - VMSKEY : V0040208 |
2013-09-05 | IAVM : 2013-B-0095 - VMware ESX 4.0 and ESXi 4.0 Remote Denial of Service Vulnerability Severity : Category I - VMSKEY : V0040209 |
2013-09-05 | IAVM : 2013-B-0098 - VMware ESXi 5.1 Remote Denial of Service Vulnerability Severity : Category I - VMSKEY : V0040211 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_esx_VMSA-2013-0011_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-26 | Name : The remote OracleVM host is missing one or more security updates. File : oraclevm_OVMSA-2013-0011.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.0 host is affected by denial of service vulnerability. File : vmware_esxi_5_0_build_1197855_remote.nasl - Type : ACT_GATHER_INFO |
2013-11-13 | Name : The remote VMware ESXi 5.1 host is affected by denial of service vulnerability. File : vmware_esxi_5_1_build_1142907_remote.nasl - Type : ACT_GATHER_INFO |
2013-09-03 | Name : The remote VMware ESXi / ESX host is missing a security-related patch. File : vmware_VMSA-2013-0011.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2016-03-05 13:26:43 | |
2014-11-27 13:28:45 | |
2014-02-17 12:07:27 | |
2013-11-11 12:41:42 | |
2013-09-04 21:25:36 | |
2013-09-04 13:25:48 | |
2013-08-30 09:19:56 | |