File Access Vulnerability in VMware ESXi and ESX Products
CVE-2013-5973

Currently unrated

Key Information:

Vendor: Vmware
Status: Esx
Vendor: CVE Published:; 23 December 2013

Summary

A vulnerability exists in VMware ESXi and ESX products that allows local users with certain roles, such as Virtual Machine Power User or Resource Pool Administrator, to read or modify files that should be protected. This can be accomplished through the Add Existing Disk action in vCenter Server using specific filename patterns, leading to potential unauthorized access of sensitive data.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/89938

vdb-entryx_refsource_XF

http://www.securityfocus.com/archive/1/530482/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://osvdb.org/101387

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Dec 23, 2013
Vulnerability Reserved
Oct 1, 2013