Vulnerabilities > CVE-2013-1405 - Improper Authentication vulnerability in VMWare products

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
vmware
CWE-287
critical
nessus
NVD
Published: 2013-02-15
Updated: 2013-02-15

Summary

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Vulnerable Configurations

Part Description Count
Application
Vmware
6
OS
Vmware
14

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Authentication Abuse
    An attacker obtains unauthorized access to an application, service or device either through knowledge of the inherent weaknesses of an authentication mechanism, or by exploiting a flaw in the authentication scheme's implementation. In such an attack an authentication mechanism is functioning but a carefully controlled sequence of events causes the mechanism to grant access to the attacker. This attack may exploit assumptions made by the target's authentication procedures, such as assumptions regarding trust relationships or assumptions regarding the generation of secret values. This attack differs from Authentication Bypass attacks in that Authentication Abuse allows the attacker to be certified as a valid user through illegitimate means, while Authentication Bypass allows the user to access protected material without ever being certified as an authenticated user. This attack does not rely on prior sessions established by successfully authenticating users, as relied upon for the "Exploitation of Session Variables, Resource IDs and other Trusted Credentials" attack patterns.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Utilizing REST's Trust in the System Resource to Register Man in the Middle
    This attack utilizes a REST(REpresentational State Transfer)-style applications' trust in the system resources and environment to place man in the middle once SSL is terminated. Rest applications premise is that they leverage existing infrastructure to deliver web services functionality. An example of this is a Rest application that uses HTTP Get methods and receives a HTTP response with an XML document. These Rest style web services are deployed on existing infrastructure such as Apache and IIS web servers with no SOAP stack required. Unfortunately from a security standpoint, there frequently is no interoperable identity security mechanism deployed, so Rest developers often fall back to SSL to deliver security. In large data centers, SSL is typically terminated at the edge of the network - at the firewall, load balancer, or router. Once the SSL is terminated the HTTP request is in the clear (unless developers have hashed or encrypted the values, but this is rare). The attacker can utilize a sniffer such as Wireshark to snapshot the credentials, such as username and password that are passed in the clear once SSL is terminated. Once the attacker gathers these credentials, they can submit requests to the web service provider just as authorized user do. There is not typically an authentication on the client side, beyond what is passed in the request itself so once this is compromised, then this is generally sufficient to compromise the service's authentication scheme.
  • Man in the Middle Attack
    This type of attack targets the communication between two components (typically client and server). The attacker places himself in the communication channel between the two components. Whenever one component attempts to communicate with the other (data flow, authentication challenges, etc.), the data first goes to the attacker, who has the opportunity to observe or alter it, and it is then passed on to the other component as if it was never intercepted. This interposition is transparent leaving the two compromised components unaware of the potential corruption or leakage of their communications. The potential for Man-in-the-Middle attacks yields an implicit lack of trust in communication or identify between two components.

Nessus

  • NASL familyMisc.
    NASL idVMWARE_ESX_VMSA-2013-0001_REMOTE.NASL
    descriptionThe remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - Authentication Service - bind - libxml2 - libxslt
    last seen2020-06-01
    modified2020-06-02
    plugin id89661
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89661
    titleVMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(89661);
  script_version("1.7");
  script_cvs_date("Date: 2018/11/15 20:50:24");

  script_cve_id(
    "CVE-2011-1202",
    "CVE-2011-3102",
    "CVE-2011-3970",
    "CVE-2012-2807",
    "CVE-2012-2825",
    "CVE-2012-2870",
    "CVE-2012-2871",
    "CVE-2012-4244",
    "CVE-2013-1405"
  );
  script_bugtraq_id(
    47668, 
    51911, 
    53540, 
    54203, 
    54718, 
    55331, 
    55522, 
    57666
  );
  script_xref(name:"VMSA", value:"2013-0001");

  script_name(english:"VMware ESX / ESXi Authentication Service and Third-Party Libraries Multiple Vulnerabilities (VMSA-2013-0001) (remote check)");
  script_summary(english:"Checks the version and build numbers of the remote host.");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by multiple vulnerabilities, including
remote code execution vulnerabilities, in several components and
third-party libraries :

  - Authentication Service
  - bind
  - libxml2
  - libxslt");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0001.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory that
pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 /
4.1.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release");
  script_require_ports("Host/VMware/vsphere");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

ver   = get_kb_item_or_exit("Host/VMware/version");
rel   = get_kb_item_or_exit("Host/VMware/release");
port  = get_kb_item_or_exit("Host/VMware/vsphere");
esx   = '';
build = 0;
fix   = FALSE;

if ("ESX" >!< rel)
  audit(AUDIT_OS_NOT, "VMware ESX/ESXi");

extract = eregmatch(pattern:"^(ESXi?) (\d\.\d).*$", string:ver);
if (empty_or_null(extract))
  audit(AUDIT_UNKNOWN_APP_VER, "VMware ESX/ESXi");

esx = extract[1];
ver = extract[2];

extract = eregmatch(pattern:'^VMware ESXi?.* build-([0-9]+)$', string:rel);
if (isnull(extract))
  audit(AUDIT_UNKNOWN_BUILD, "VMware " + esx, ver);

build = int(extract[1]);

fixes = make_array(
    "4.0", 989856,
    "4.1", 988178,
    "3.5", 988599
);

fix = fixes[ver];

if (!fix)
  audit(AUDIT_INST_VER_NOT_VULN, esx, ver, build);

if (build < fix)
{
  report = '\n  Version         : ' + esx + " " + ver +
           '\n  Installed build : ' + build +
           '\n  Fixed build     : ' + fix +
           '\n';
  security_report_v4(port:port, severity:SECURITY_HOLE, extra:report);
  exit(0);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, "VMware " + esx, ver, build);
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2013-0001.NASL
    descriptiona. VMware vSphere client-side authentication memory corruption vulnerability VMware vCenter Server, vSphere Client, and ESX contain a vulnerability in the handling of the management authentication protocol. To exploit this vulnerability, an attacker must convince either vCenter Server, vSphere Client or ESX to interact with a malicious server as a client. Exploitation of the issue may lead to code execution on the client system. To reduce the likelihood of exploitation, vSphere components should be deployed on an isolated management network. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue. b. Update to ESX/ESXi libxml2 userworld and service console The ESX/ESXi userworld libxml2 library has been updated to resolve multiple security issues. Also, the ESX service console libxml2 packages are updated to the following versions : libxml2-2.6.26-2.1.15.el5_8.5 libxml2-python-2.6.26-2.1.15.el5_8.5 These updates fix multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-3102 and CVE-2012-2807 to these issues. c. Update to ESX service console bind packages The ESX service console bind packages are updated to the following versions : bind-libs-9.3.6-20.P1.el5_8.2 bind-utils-9.3.6-20.P1.el5_8.2 These updates fix a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-4244 to this issue. d. Update to ESX service console libxslt package The ESX service console libxslt package is updated to version libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2011-1202, CVE-2011-3970, CVE-2012-2825, CVE-2012-2870, and CVE-2012-2871 to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id64642
    published2013-02-16
    reporterThis script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/64642
    titleVMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries
    code
    #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from VMware Security Advisory 2013-0001. 
# The text itself is copyright (C) VMware Inc.
#

include("compat.inc");

if (description)
{
  script_id(64642);
  script_version("1.32");
  script_cvs_date("Date: 2019/09/24 15:02:54");

  script_cve_id("CVE-2011-1202", "CVE-2011-3102", "CVE-2011-3970", "CVE-2012-2807", "CVE-2012-2825", "CVE-2012-2870", "CVE-2012-2871", "CVE-2012-4244", "CVE-2013-1405");
  script_bugtraq_id(47668, 51911, 53540, 54203, 54718, 55331, 55522, 57666);
  script_xref(name:"VMSA", value:"2013-0001");

  script_name(english:"VMSA-2013-0001 : VMware vSphere security updates for the authentication service and third-party libraries");
  script_summary(english:"Checks esxupdate output for the patches");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote VMware ESXi / ESX host is missing one or more
security-related patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"a. VMware vSphere client-side authentication memory corruption
   vulnerability

   VMware vCenter Server, vSphere Client, and ESX contain a
   vulnerability in the handling of the management authentication
   protocol. To exploit this vulnerability, an attacker must
   convince either vCenter Server, vSphere Client or ESX to
   interact with a malicious server as a client. Exploitation of
   the issue may lead to code execution on the client system.
     
   To reduce the likelihood of exploitation, vSphere components
   should be deployed on an isolated management network.
     
   The Common Vulnerabilities and Exposures Project (cve.mitre.org)
   has assigned the name CVE-2013-1405 to this issue.

b. Update to ESX/ESXi libxml2 userworld and service console

   The ESX/ESXi userworld libxml2 library has been updated to
   resolve multiple security issues. Also, the ESX service console
   libxml2 packages are updated to the following versions :

     libxml2-2.6.26-2.1.15.el5_8.5
     libxml2-python-2.6.26-2.1.15.el5_8.5

   These updates fix multiple security issues. The Common
   Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the names CVE-2011-3102 and CVE-2012-2807 to these
   issues.

c. Update to ESX service console bind packages

   The ESX service console bind packages are updated to the
   following versions :

     bind-libs-9.3.6-20.P1.el5_8.2
     bind-utils-9.3.6-20.P1.el5_8.2

   These updates fix a security issue. The Common Vulnerabilities
   and Exposures project (cve.mitre.org) has assigned the name
   CVE-2012-4244 to this issue.

d. Update to ESX service console libxslt package

   The ESX service console libxslt package is updated to version
   libxslt-1.1.17-4.el5_8.3 to resolve multiple security issues.

   The Common Vulnerabilities and Exposures project (cve.mitre.org)
   has assigned the names CVE-2011-1202, CVE-2011-3970,
   CVE-2012-2825, CVE-2012-2870, and CVE-2012-2871 to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://lists.vmware.com/pipermail/security-announce/2013/000215.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply the missing patches.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:3.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esx:4.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:3.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:4.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:5.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/16");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.");
  script_family(english:"VMware ESX Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  exit(0);
}


include("audit.inc");
include("vmware_esx_packages.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (
  !get_kb_item("Host/VMware/esxcli_software_vibs") &&
  !get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);


init_esx_check(date:"2013-01-31");
flag = 0;


if (esx_check(ver:"ESX 3.5.0", patch:"ESX350-201302401-SG")) flag++;

if (
  esx_check(
    ver           : "ESX 4.0",
    patch         : "ESX400-201302401-SG",
    patch_updates : make_list("ESX400-201305401-SG", "ESX400-201310401-SG", "ESX400-201404401-SG")
  )
) flag++;
if (esx_check(ver:"ESX 4.0", patch:"ESX400-201305402-SG")) flag++;

if (
  esx_check(
    ver           : "ESX 4.1",
    patch         : "ESX410-201301401-SG",
    patch_updates : make_list("ESX410-201304401-SG", "ESX410-201307401-SG", "ESX410-201312401-SG", "ESX410-201404401-SG")
  )
) flag++;
if (esx_check(ver:"ESX 4.1", patch:"ESX410-201301402-SG")) flag++;
if (esx_check(ver:"ESX 4.1", patch:"ESX410-201301403-SG")) flag++;
if (
  esx_check(
    ver           : "ESX 4.1",
    patch         : "ESX410-201301405-SG",
    patch_updates : make_list("ESX410-201304402-SG", "ESX410-201307405-SG")
  )
) flag++;

if (esx_check(ver:"ESXi 3.5.0", patch:"ESXe350-201302401-I-SG")) flag++;
if (esx_check(ver:"ESXi 3.5.0", patch:"ESXe350-201302403-C-SG")) flag++;

if (
  esx_check(
    ver           : "ESXi 4.0",
    patch         : "ESXi400-201302401-SG",
    patch_updates : make_list("ESXi400-201305401-SG", "ESXi400-201310401-SG", "ESXi400-201404401-SG")
  )
) flag++;
if (
  esx_check(
    ver           : "ESXi 4.0",
    patch         : "ESXi400-201302403-SG",
    patch_updates : make_list("ESXi400-201404402-SG")
  )
) flag++;

if (
  esx_check(
    ver           : "ESXi 4.1",
    patch         : "ESXi410-201301401-SG",
    patch_updates : make_list("ESXi410-201304401-SG", "ESXi410-201307401-SG", "ESXi410-201312401-SG", "ESXi410-201404401-SG")
  )
) flag++;

if (esx_check(ver:"ESXi 5.0", vib:"VMware:esx-base:5.0.0-2.29.1022489")) flag++;

if (esx_check(ver:"ESXi 5.1", vib:"VMware:esx-base:5.1.0-0.11.1063671")) flag++;
if (esx_check(ver:"ESXi 5.1", vib:"VMware:esx-xserver:5.1.0-0.11.1063671")) flag++;
if (esx_check(ver:"ESXi 5.1", vib:"VMware:net-bnx2x:1.61.15.v50.3-1vmw.510.0.11.1063671")) flag++;
if (esx_check(ver:"ESXi 5.1", vib:"VMware:tools-light:5.1.0-0.11.1063671")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:esx_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
  • NASL familyWindows
    NASL idVSPHERE_CLIENT_VMSA_2013-0001.NASL
    descriptionThe version of vSphere Client installed on the remote Windows host is potentially affected by a memory corruption issue in the authentication mechanism.
    last seen2020-06-01
    modified2020-06-02
    plugin id64559
    published2013-02-11
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/64559
    titleVMware vSphere Client Memory Corruption (VMSA-2013-0001)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(64559);
  script_version("1.8");
  script_cvs_date("Date: 2019/12/04");

  script_cve_id("CVE-2013-1405");
  script_bugtraq_id(57666);
  script_xref(name:"VMSA", value:"2013-0001");

  script_name(english:"VMware vSphere Client Memory Corruption (VMSA-2013-0001)");
  script_summary(english:"Checks version of vSphere Client");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has a virtualization client application installed that
is affected by a memory corruption vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of vSphere Client installed on the remote Windows host is
potentially affected by a memory corruption issue in the authentication
mechanism.");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2013-0001.html");
  script_set_attribute(attribute:"solution", value:
"Upgrade to vSphere Client 4.0 Update 4b / 4.1 Update 3a or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-1405");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/01/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/02/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vsphere_client");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows");

  script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vsphere_client_installed.nasl");
  script_require_keys("SMB/VMware vSphere Client/Installed");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

installs = get_kb_list_or_exit("SMB/VMware vSphere Client/*/Path");

info = '';
info2 = '';
vuln = 0;
foreach version (keys(installs))
{
  path = installs[version];
  version = version - 'SMB/VMware vSphere Client/' - '/Path';
  matches = eregmatch(pattern:'^([0-9\\.]+) build ([0-9]+)$', string:version);
  if (matches)
  {
    ver = matches[1];
    build = matches[2];
  }

  if (ver =~ '^4\\.1\\.0$' && int(build) < 925676)
  {
    vuln++;
    info += 
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 4.1.0 build 925676\n';
  }
  else if (ver =~ '^4\\.0\\.0$' && int(build) < 934018)
  {
    vuln++;
    info += 
      '\n  Path              : ' + path +
      '\n  Installed version : ' + version +
      '\n  Fixed version     : 4.0.0 build 934018\n';
  }
  else info2 += ' and ' + version;
}

if (vuln)
{
  port = get_kb_item('SMB/transport');
  if (!port) port = 445;

  if (report_verbosity > 0) security_hole(port:port, extra:info);
  else security_hole(port);
  exit(0);
}

if (info2)
{
  info2 -= ' and ';
  if (' and ' >< info2) be = 'are';
  else be = 'is';

  exit(0, 'The host is not affected since VMware vSphere Client'+info2+' '+be+' installed.');
}
else exit(1, 'Unexpected error - \'info2\' is empty.');

Seebug

  • bulletinFamilyexploit
    descriptionCVE ID:CVE-2013-1405 Conceptronic C54APM是一款无线AP设备。 Conceptronic C54APM存在多个开放重定向漏洞,允许远程攻击者利用漏洞构建恶意URI,诱使用户解析,可重定向用户通信,进行网络钓鱼等攻击。漏洞是由于goform/formWlSiteSurvey脚本不正确过滤'submit-url'参数及goform/formWlanSetup脚本不正确过滤wlan-url参数。 0 Conceptronic C54APM v2.0 1.26 目前没有详细解决方案提供: http://www.conceptronic.net/es/download_list.php?stype=3&amp;productid=341
    idSSV:61323
    last seen2017-11-19
    modified2014-01-13
    published2014-01-13
    reporterRoot
    titleConceptronic C54APM多个开放重定向漏洞
  • bulletinFamilyexploit
    descriptionCVE ID: CVE-2013-1405 vSphere是VMware推出的基于云计算的新一代数据中心虚拟化套件,提供了虚拟化基础架构、高可用性、集中管理 VMware vSphere某些产品处理管理验证协议存在安全漏洞,允许攻击者利用漏洞破坏内存,成功利用可执行任意代码,但需要vCenter Server或vSphere Client与恶意服务器进行交互 0 VMware Virtual Infrastructure Client VMware VirtualCenter 2.x VMware vSphere 4.x VMware vSphere Client 4.x 厂商解决方案 用户可参考如下厂商提供的安全公告获得补丁信息: http://www.vmware.com/security/advisories/VMSA-2013-0001.html
    idSSV:60630
    last seen2017-11-19
    modified2013-02-06
    published2013-02-06
    reporterRoot
    titleVMware vSphere产品客户端验证漏洞(CVE-2013-1405)

References