CVE-2013-5973

Severity

44%

Complexity

34%

Confidentiality

106%

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.

CVSS 2.0 Base Score 4.4. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

VMWare ESX

First reported 11 years ago

2013-12-23 15:42:00

Last updated 6 years ago

2018-10-09 19:34:00

Affected Software

VMWare ESX 4.0

4.0

VMWare ESX 4.1

4.1

VMWare ESXi 4.0

4.0

VMWare ESXi 4.0 update 1

4.0

VMWare ESXi 4.0 update 2

4.0

VMWare ESXi 4.0 update 3

4.0

VMWare ESXi 4.0 update 4

4.0

VMWare ESXi 4.1

4.1

VMWare ESXi 4.1 update 1

4.1

VMWare ESXi 4.1 update 2

4.1

VMWare ESXi 5.0

5.0

VMWare ESXi 5.0 update 1

5.0

VMWare ESXi 5.0 update 2

5.0

VMWare ESXi 5.1

5.1

VMWare ESXi 5.1 Update 1

5.1

VMWare ESXi 5.5

5.5

References

JVN#13154935

JVNDB-2013-000123

101387

20131223 NEW VMSA-2013-0016 VMware ESXi and ESX unauthorized file access through vCenter Server and ESX

64491

1029529

http://www.vmware.com/security/advisories/VMSA-2013-0016.html

Vendor Advisory

vmware-esx-esxi-cve20135973-sec-bypass(89938)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.