Is CVE-2013-1405 actively exploited?

CVE-2013-1405 has no public evidence of in-the-wild exploitation as of 2025-04-11.

What is the CVSS score for CVE-2013-1405?

CVE-2013-1405 has a CVSS score of 10 (UNKNOWN severity). Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C.

How do I patch CVE-2013-1405?

Patch guidance is available from vmware security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2013-1405.

CVE-2013-1405 - remediation guidance & executive summary

Q: Which products are affected by CVE-2013-1405?

20 products: vmware vcenter server, vmware vcenter server, vmware virtualcenter, vmware vsphere client, vmware vsphere client, and 15 more.

Description

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0 before Update 4b and 4.1 before Update 3a, VMware VI-Client 2.5, VMware ESXi 3.5 through 4.1, and VMware ESX 3.5 through 4.1 do not properly implement the management authentication protocol, which allow remote servers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

CVSS Metrics

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector: network
Access Cmplx: low
Auth: none
Confidentiality: complete
Integrity: complete
Availability: complete
Weaknesses: CWE-287 · Improper Authentication

Metadata

Primary Vendor: VMWARE
Published: 2/15/2013
Last Modified: 4/11/2025
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

vmware : vcenter_servervmware : vcenter_servervmware : virtualcentervmware : vsphere_clientvmware : vsphere_clientvmware : vi-clientvmware : esxivmware : esxivmware : esxivmware : esxivmware : esxivmware : esxivmware : esxivmware : esxivmware : esxvmware : esxvmware : esxvmware : esxvmware : esxvmware : esx

Remediation Guidance

Executive Summary

View on NIST NVD