Описание
VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:4.1:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00364
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20
Связанные уязвимости
github
больше 3 лет назад
VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.
EPSS
Процентиль: 58%
0.00364
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-20