CVE-2013-3658

Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors.

CVSS v2.0 9.4 HIGH

9.4^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 10.0 / Impact : 9.2

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://jvn.jp/en/jp/JVN72911629/995428/index.html
http://jvn.jp/en/jp/JVN72911629/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2013-000084

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:vmware:esx:4.0:::::::*
	cpe:2.3:o:vmware:esx:4.1:::::::*
	cpe:2.3:o:vmware:esxi:4.0:::::::*
	cpe:2.3:o:vmware:esxi:4.0:1::::::
	cpe:2.3:o:vmware:esxi:4.0:2::::::
	cpe:2.3:o:vmware:esxi:4.0:3::::::
	cpe:2.3:o:vmware:esxi:4.0:4::::::
	cpe:2.3:o:vmware:esxi:4.1:::::::*
	cpe:2.3:o:vmware:esxi:4.1:1::::::
	cpe:2.3:o:vmware:esxi:4.1:2::::::
	cpe:2.3:o:vmware:esxi:5.0:::::::*

History

No history.

Information

Published : 2013-09-10 11:28

Updated : 2023-12-10 11:16

NVD link : CVE-2013-3658

Mitre link : CVE-2013-3658

CVE.ORG link : CVE-2013-3658

JSON object : View

Products Affected

vmware

esxi
esx

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2013-3658", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 9.2, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-09-10T11:28:40.597", "references": [{"url": "http://jvn.jp/en/jp/JVN72911629/995428/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvn.jp/en/jp/JVN72911629/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000084", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en VMware ESXi 4.0 hasta 5.0, y ESX 4.0 y 4.1permiten a un atacante remoto borrar archivos a discrecci\u00f3n en el sistema operativo anfitri\u00f3n a trav\u00e9s de vectores no especificados."}], "lastModified": "2013-09-12T17:07:16.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE"}, {"criteria": "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A4E41C0-31FA-47AA-A9BF-B9A6C1D44801"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF016EE7-083A-4D62-A6D4-2807EB47B6DB"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F11844A-3C6C-4AA5-87DC-979AFF62867A"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC463653-A599-45CF-8EA9-8854D5C59963"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BDE707D-A1F4-4829-843E-F6633BB84D6D"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.1:1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DC5C2BF-6EC6-436F-A925-469E87249C8A"}, {"criteria": "cpe:2.3:o:vmware:esxi:4.1:2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7BCE5DA9-BB88-4169-B77C-40B1F98D511A"}, {"criteria": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2331236-2E9B-4B52-81EE-B52DEB41ACE5"}], "operator": "OR"}]}], "sourceIdentifier": "vultures@jpcert.or.jp"}