BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Get critical updates on the latest zeroday threats, including impact, mitigation and protection information - only from BeyondTrust.

VMware ESX/ESXi Server Multiple Vulnerabilities

Disclosed July 31, 2013    Zeroday : 427 days

Vulnerability Description:

VMware ESX and ESXi contain multible vulnerabilities due to bundled versions of libxml2, GNU TLS, OpenSSL, and the Linux kernel. Successful exploitation may result in elevation of privilege, information disclosure, or denial of service.

Vendors:

VMware

Vulnerable Software/Devices:

VMware ESX 4.0
VMware ESXi 4.0, 5.0, 5.1

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Elevation of Privilege
Of the various vulnerabilities present in VMware ESX and ESXi, the worst of which may allow an attacker to have an opportunity to elevate their privileges. This may allow them to perform actions that would normally be restricted from them, including the ability to access sensitive data and executing arbitrary code.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.

  • 19926 - VMware ESX/ESXi Server Multiple Vulnerabilities (Zero-Day) - ESXi 5.1/5.0/4.0
  • 19927 - VMware ESX/ESXi Server Multiple Vulnerabilities (Zero-Day) - ESX 4.0

Mitigation:

No mitigations are currently available.

Links:

CVE(s):

None