CVE-2013-5973
First published: Mon Dec 23 2013(Updated: )
VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ESX | =4.0 | |
| VMware ESX | =4.1 | |
| VMware ESXi | =4.0 | |
| VMware ESXi | =4.0-1 | |
| VMware ESXi | =4.0-2 | |
| VMware ESXi | =4.0-3 | |
| VMware ESXi | =4.0-4 | |
| VMware ESXi | =4.1 | |
| VMware ESXi | =4.1-1 | |
| VMware ESXi | =4.1-2 | |
| VMware ESXi | =5.0 | |
| VMware ESXi | =5.0-1 | |
| VMware ESXi | =5.0-2 | |
| VMware ESXi | =5.1 | |
| VMware ESXi | =5.1-1 | |
| VMware ESXi | =5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://jvn.jp/en/jp/JVN13154935/index.html
- http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html
- http://osvdb.org/101387
- http://www.securityfocus.com/archive/1/530482/100/0/threaded
- http://www.securityfocus.com/bid/64491
- http://www.securitytracker.com/id/1029529
- http://www.vmware.com/security/advisories/VMSA-2013-0016.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89938
Frequently Asked Questions
What is the severity of CVE-2013-5973?
CVE-2013-5973 is rated as a moderate severity vulnerability.
How do I fix CVE-2013-5973?
To fix CVE-2013-5973, upgrade to a patched version of VMware ESXi or ESX that resolves this issue.
What environments are affected by CVE-2013-5973?
CVE-2013-5973 affects VMware ESXi versions 4.0 through 5.5 and ESX versions 4.0 and 4.1.
What types of files can be accessed using CVE-2013-5973?
CVE-2013-5973 allows local users to read or modify arbitrary files including those with -flat, -rdm, or -rdmp filenames.
Who can exploit CVE-2013-5973?
CVE-2013-5973 can be exploited by local users with the Virtual Machine Power User or Resource Pool Administrator role.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/author
- agent/event
- agent/tags
- agent/source
- vendor/vmware
- canonical/vmware esx
- version/vmware esx/4.0
- version/vmware esx/4.1
- canonical/vmware esxi
- version/vmware esxi/4.0
- version/vmware esxi/4.0-1
- version/vmware esxi/4.0-2
- version/vmware esxi/4.0-3
- version/vmware esxi/4.0-4
- version/vmware esxi/4.1
- version/vmware esxi/4.1-1
- version/vmware esxi/4.1-2
- version/vmware esxi/5.0
- version/vmware esxi/5.0-1
- version/vmware esxi/5.0-2
- version/vmware esxi/5.1
- version/vmware esxi/5.1-1
- version/vmware esxi/5.5