CVE-2013-1405

critical

VMware

CVSS v3 Base Score

10.0

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS Score

0.9%

Exploitation probability in 30 days

Top 24% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

Integrity

Availability

Published: February 15, 2013 (4836 days ago)

Last Modified: April 29, 2026

Vendor: VMware

Source: NVD

Description

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CWE

CWE-287

Affected Products

vmware vcenter servervmware virtualcentervmware vsphere clientvmware vi-clientvmware esxivmware esx

References

🔗 www.vmware.com 🔗 www.vmware.com

CVE-2013-1405

Vulnerability Report

Description

CWE

Affected Products

References