Summary
VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler.
Solution
Apply the missing patch(es).
Insight
VMware ESXi and ESX NFC Protocol Unhandled Exception
VMware ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between ESXi/ESX and the client. Exploitation of the issue may lead to a Denial of Service.
To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network
Affected
VMware ESXi 5.1 without patch ESXi510-201307101
VMware ESXi 5.0 without patch ESXi500-201308101 VMware ESXi 4.1 without patch ESXi410-201304401
VMware ESXi 4.0 without patch ESXi400-201305401
VMware ESX 4.1 without patch ESX410-201304401
VMware ESX 4.0 without patch ESX400-201305401
Detection
Check the build number.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-1661 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P
Related Vulnerabilities
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Linux)
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Linux)
- Adobe Flash Player Multiple Security Bypass Vulnerabilities - 01 Feb14 (Mac OS X)
- Adobe Reader Plugin Signature Bypass Vulnerability (Windows)
- Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability June-2011 (Linux)