CVE-2013-5973
VMware Security Advisory 2013-0016
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.
VMware ESXi 4.0 a 5.5 y ESX 4.0 y 4.1 permiten a usuarios locales leer o modificar ficheros arbitrarios mediante el aprovechamiento de los roles Virtual Machine Power User o Resource Pool Administrator para una acción Add Existing Disk en vCenter con nombres de fichero (1) -flat, (2) -rdm o (3) -rdmp.
VMware ESXi and ESX contain a vulnerability in the handling of certain Virtual Machine file descriptors. This issue may allow an unprivileged vCenter Server user with the privilege “Add Existing Disk" to obtain read and write access to arbitrary files on ESXi or ESX. On ESX, an unprivileged local user may obtain read and write access to arbitrary files. Modifying certain files may allow for code execution after a host reboot.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-10-01 CVE Reserved
- 2013-12-23 CVE Published
- 2024-08-06 CVE Updated
- 2025-07-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://jvn.jp/en/jp/JVN13154935/index.html | Third Party Advisory | |
| http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html | Third Party Advisory | |
| http://osvdb.org/101387 | Vdb Entry | |
| http://www.securityfocus.com/archive/1/530482/100/0/threaded | Mailing List | |
| http://www.securityfocus.com/bid/64491 | Vdb Entry | |
| http://www.securitytracker.com/id/1029529 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/89938 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2013-0016.html | 2018-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 4.0 Search vendor "Vmware" for product "Esx" and version "4.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esx Search vendor "Vmware" for product "Esx" | 4.1 Search vendor "Vmware" for product "Esx" and version "4.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 4.0 Search vendor "Vmware" for product "Esxi" and version "4.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 4.0 Search vendor "Vmware" for product "Esxi" and version "4.0" | 1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 4.0 Search vendor "Vmware" for product "Esxi" and version "4.0" | 2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 4.0 Search vendor "Vmware" for product "Esxi" and version "4.0" | 3 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 4.0 Search vendor "Vmware" for product "Esxi" and version "4.0" | 4 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 4.1 Search vendor "Vmware" for product "Esxi" and version "4.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 4.1 Search vendor "Vmware" for product "Esxi" and version "4.1" | 1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 4.1 Search vendor "Vmware" for product "Esxi" and version "4.1" | 2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.0 Search vendor "Vmware" for product "Esxi" and version "5.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.0 Search vendor "Vmware" for product "Esxi" and version "5.0" | 1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.0 Search vendor "Vmware" for product "Esxi" and version "5.0" | 2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.1 Search vendor "Vmware" for product "Esxi" and version "5.1" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.1 Search vendor "Vmware" for product "Esxi" and version "5.1" | 1 |
Safe
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | - |
Safe
| ||||||