Summary
VMware has updated VMware vCenter Server to address a vulnerability in the Network File Copy (NFC) Protocol.
Solution
Apply the missing patch(es).
Insight
VMware vCenter, ESXi and ESX NFC protocol memory corruption vulnerability
VMware vCenter Server, ESXi and ESX contain a vulnerability in the handling of the Network File Copy (NFC) protocol. To exploit this vulnerability, an attacker must intercept and modify the NFC traffic between vCenter Server and the client or ESXi/ESX and the client.
Exploitation of the issue may lead to code execution.
To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network
Affected
VMware vCenter Server 5.1 prior to 5.1.0b
VMware vCenter Server 5.0 prior to 5.0 Update 2
Detection
Check the build number.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-1659 -
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Mac OS X)
- Adobe Air and Flash Player Multiple Vulnerabilities August-2011 (Windows)
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe Air Multiple Vulnerabilities - November12 (Windows)
- Adobe Acrobat Sandbox Bypass Vulnerability - Aug14 (Windows)