VMware ESXi 4.0, Patch ESXi400-201302403-SG: Updates vSphere Client (2042533)
Release date: February 07, 2013
|Patch Classification||Security |
See KB 2014447 if using Update Manager 5.0
|Build||For build information, see KB 2041344.|
|Host Reboot Required||No|
|Virtual Machine Migration or Shutdown Required||No|
|Related CVE numbers||CVE-2013-1405|
Summaries and Symptoms
This patch resolves a vulnerability related to the manner in which the vSphere Client handles the management authentication protocol. To exploit this vulnerability, an attacker must convince the vSphere Client to interact with a malicious server. Exploitation of this issue might lead to code execution on the system where the vSphere Client is installed.
To reduce the possibility of exploitation, deploy the vSphere Client in an isolated management network.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-1405 to this issue.
None beyond the required patch bundles and reboot information listed in the table above.
Patch Download and Installation
The typical way to apply patches to ESXi hosts is through the VMware Update Manager. For details, see the VMware vCenter Update Manager Administration Guide.