CVE-2013-5973

Sažetak

VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to read or modify arbitrary files by leveraging the Virtual Machine Power User or Resource Pool Administrator role for a vCenter Server Add Existing Disk action with a (1) -flat, (2) -rdm, or (3) -rdmp filename.

Reference

http://jvn.jp/en/jp/JVN13154935/index.html
http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000123.html
http://osvdb.org/101387
http://www.securityfocus.com/archive/1/530482/100/0/threaded
http://www.securityfocus.com/bid/64491
http://www.securitytracker.com/id/1029529
http://www.vmware.com/security/advisories/VMSA-2013-0016.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/89938

CVSS

Base:	4.4
Impact:	6.4
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:L/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

09-10-2018 - 19:34

Objavljeno

23-12-2013 - 15:42