VMware ESXi 4.0, Patch ESXi400-201302401-SG: Updates Firmware (2041346)
Release date: February 07, 2013
|Patch Classification||Security |
See KB 2014447 if using Update Manager 5.0
|Build||For build information, see KB 2041344.|
|Host Reboot Required||Yes|
|Virtual Machine Migration or Shutdown Required||Yes|
|Related CVE numbers||CVE-2013-1405|
Summaries and Symptoms
This patch resolves a vulnerability related to the manner in which ESXi host handles the management authentication protocol. To exploit this vulnerability, an attacker must convince ESXi to interact with a malicious server as a client. Exploitation of this issue might lead to code execution on the client system.
To reduce the possibility of exploitation, deploy ESXi in an isolated management network.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue.
None beyond the required patch bundles and reboot information listed in the table above.
Patch Download and Installation
The typical way to apply patches to ESXi hosts is through the VMware Update Manager. For details, see the VMware vCenter Update Manager Administration Guide.