Summary
VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler.
Solution
Apply the missing patch(es).
Insight
VMware ESXi and ESX NFC Protocol Unhandled Exception
VMware ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service.
To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network
Affected
VMware ESXi 5.1 without patch ESXi510-201307101
VMware ESXi 5.0 without patch ESXi500-201308101 VMware ESXi 4.1 without patch ESXi410-201304401
VMware ESXi 4.0 without patch ESXi400-201305401
VMware ESX 4.1 without patch ESX410-201304401
VMware ESX 4.0 without patch ESX400-201305401
Detection
Check if the patch for VMSA-2013-0011 is installed.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-1661 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- VMSA-2014-0001 VMware Workstation, Player, Fusion, ESXi, ESX and vCloud Director address several security issues
- VMSA-2014-0002 VMware vSphere updates to third party libraries
- VMSA-2014-0012: VMware vSphere product updates address security vulnerabilities
- VMSA-2013-0011 VMware ESX and ESXi updates to third party libraries
- VMSA-2014-0004 VMware product updates address OpenSSL security vulnerabilities