// For flags

CVE-2013-1661

VMware Security Advisory 2013-0011

Severity Score

5.9
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.

VMware ESXi v4.0 hasta v5.1, y ESX v4.0 y v4.1 no aplicar correctamente el protocolo Network File Copy (NFC), lo que permite a atacantes man-in-the-middle causar una denegación de servicio (excepción sin manejar y caída de aplicación) mediante la modificación de los datos en el flujo client-server.

VMware has updated VMware ESXi and ESX to address a vulnerability in an unhandled exception in the NFC protocol handler.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-02-12 CVE Reserved
  • 2013-08-30 CVE Published
  • 2024-09-16 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
http://www.vmware.com/security/advisories/VMSA-2013-0011.html 2013-09-30
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
 Esx
Search vendor "Vmware" for product "Esx"
 4.0
Search vendor "Vmware" for product "Esx" and version "4.0"
-
Affected
Vmware
Search vendor "Vmware"
 Esx
Search vendor "Vmware" for product "Esx"
 4.1
Search vendor "Vmware" for product "Esx" and version "4.1"
-
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 4.0
Search vendor "Vmware" for product "Esxi" and version "4.0"
-
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 4.0
Search vendor "Vmware" for product "Esxi" and version "4.0"
1
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 4.0
Search vendor "Vmware" for product "Esxi" and version "4.0"
2
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 4.0
Search vendor "Vmware" for product "Esxi" and version "4.0"
3
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 4.0
Search vendor "Vmware" for product "Esxi" and version "4.0"
4
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 4.1
Search vendor "Vmware" for product "Esxi" and version "4.1"
-
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 4.1
Search vendor "Vmware" for product "Esxi" and version "4.1"
1
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 4.1
Search vendor "Vmware" for product "Esxi" and version "4.1"
2
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 5.0
Search vendor "Vmware" for product "Esxi" and version "5.0"
-
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 5.0
Search vendor "Vmware" for product "Esxi" and version "5.0"
1
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 5.0
Search vendor "Vmware" for product "Esxi" and version "5.0"
2
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 5.1
Search vendor "Vmware" for product "Esxi" and version "5.1"
-
Affected