CVE-2013-1659
First published: Fri Feb 22 2013(Updated: )
VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and 5.1 before 5.1.0b; VMware ESXi 3.5 through 5.1; and VMware ESX 3.5 through 4.1 do not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption) by modifying the client-server data stream.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware vCenter | =4.0 | |
| VMware vCenter | =4.0-update_1 | |
| VMware vCenter | =4.0-update_2 | |
| VMware vCenter | =4.0-update_3 | |
| VMware vCenter | =4.0-update_4 | |
| VMware vCenter | =4.0-update_4a | |
| VMware vCenter Server Appliance | =5.1 | |
| VMware vCenter Server Appliance | =5.1.0a | |
| VMware vCenter | =5.0 | |
| VMware vCenter | =5.0-update_1 | |
| VMware ESXi and Horizon DaaS | =3.5 | |
| VMware ESXi and Horizon DaaS | =3.5-1 | |
| VMware ESXi and Horizon DaaS | =4.0 | |
| VMware ESXi and Horizon DaaS | =4.0-1 | |
| VMware ESXi and Horizon DaaS | =4.0-2 | |
| VMware ESXi and Horizon DaaS | =4.0-3 | |
| VMware ESXi and Horizon DaaS | =4.0-4 | |
| VMware ESXi and Horizon DaaS | =4.1 | |
| VMware ESXi and Horizon DaaS | =4.1-1 | |
| VMware ESXi and Horizon DaaS | =4.1-2 | |
| VMware ESXi and Horizon DaaS | =5.0 | |
| VMware ESXi and Horizon DaaS | =5.0-1 | |
| VMware ESXi and Horizon DaaS | =5.0-2 | |
| VMware ESXi and Horizon DaaS | =5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-1659?
CVE-2013-1659 is rated as critical due to its potential for remote code execution and denial of service.
How do I fix CVE-2013-1659?
To fix CVE-2013-1659, you should update VMware vCenter Server and ESXi to the latest versions or apply the necessary patches as recommended by VMware.
Which versions are affected by CVE-2013-1659?
CVE-2013-1659 affects VMware vCenter Server versions prior to 4.0 Update 4b, 5.0 prior to Update 2, 5.1 prior to 5.1.0b, and various versions of VMware ESXi and ESX.
What can an attacker do with CVE-2013-1659?
An attacker exploiting CVE-2013-1659 can execute arbitrary code on the affected systems or cause a denial of service.
Is there a workaround for CVE-2013-1659?
No official workaround is recommended for CVE-2013-1659; patching is the principal mitigation method.
- agent/type
- agent/severity
- agent/author
- agent/references
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware vcenter
- version/vmware vcenter/4.0
- version/vmware vcenter/4.0-update_1
- version/vmware vcenter/4.0-update_2
- version/vmware vcenter/4.0-update_3
- version/vmware vcenter/4.0-update_4
- version/vmware vcenter/4.0-update_4a
- canonical/vmware vcenter server appliance
- version/vmware vcenter server appliance/5.1
- version/vmware vcenter server appliance/5.1.0a
- version/vmware vcenter/5.0
- version/vmware vcenter/5.0-update_1
- canonical/vmware esxi and horizon daas
- version/vmware esxi and horizon daas/3.5
- version/vmware esxi and horizon daas/3.5-1
- version/vmware esxi and horizon daas/4.0
- version/vmware esxi and horizon daas/4.0-1
- version/vmware esxi and horizon daas/4.0-2
- version/vmware esxi and horizon daas/4.0-3
- version/vmware esxi and horizon daas/4.0-4
- version/vmware esxi and horizon daas/4.1
- version/vmware esxi and horizon daas/4.1-1
- version/vmware esxi and horizon daas/4.1-2
- version/vmware esxi and horizon daas/5.0
- version/vmware esxi and horizon daas/5.0-1
- version/vmware esxi and horizon daas/5.0-2
- version/vmware esxi and horizon daas/5.1