CVE-2013-3079 : VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary progra

VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access.

Published 2013-05-01 12:00:14

Updated 2013-05-01 12:00:14

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-3079

Probability of exploitation activity in the next 30 days: 0.16%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-3079

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.0	HIGH	AV:N/AC:L/Au:S/C:C/I:C/A:C	8.0	10.0	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-3079

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-3079

http://www.vmware.com/security/advisories/VMSA-2013-0006.html

VMSA-2013-0006.1
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2013-3079

Vmware » Vcenter Server Appliance » Version: 5.1
cpe:2.3:a:vmware:vcenter_server_appliance:5.1:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-3079

Exploit prediction scoring system (EPSS) score for CVE-2013-3079

CVSS scores for CVE-2013-3079

CWE ids for CVE-2013-3079

References for CVE-2013-3079

Products affected by CVE-2013-3079