PT-2013-3300 · VMware · VMware ESXi +2
Published: 2013-02-22 · Updated: 2013-02-25 · CVE-2013-1659
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
VMware vCenter Server versions 4.0 through 4.0 Update 4a
VMware vCenter Server versions 5.0 through 5.0 Update 1
VMware vCenter Server versions 5.1 through 5.1.0a
VMware ESXi versions 3.5 through 5.1
VMware ESX versions 3.5 through 4.1
Description
The issue arises from an improper implementation of the Network File Copy (NFC) protocol. A man-in-the-middle attacker who modifies the client-server data stream can trigger memory corruption, leading to arbitrary code execution or a denial of service.
Recommendations
For VMware vCenter Server versions 4.0 through 4.0 Update 4a, update to version 4.0 Update 4b or later.
For VMware vCenter Server versions 5.0 through 5.0 Update 1, update to version 5.0 Update 2 or later.
For VMware vCenter Server versions 5.1 through 5.1.0a, update to version 5.1.0b or later.
For VMware ESXi versions 3.5 through 5.1, update to a version later than 5.1.
For VMware ESX versions 3.5 through 4.1, update to a version later than 4.1.
Affected Products
VMware vCenter
VMware ESXi
VMware vCenter Server