CVE-2005-3618 — Vmware ESX vulnerability

3 documents3 sources

Severity

7.6HIGHNVD

EPSS

2.1%

top 15.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ESX

Timeline

PublishedDec 31

Latest updateMay 1

Description

Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.

CVSS vector

AV:N/AC:H/C:C/I:C/A:CExploitability: 4.9 | Impact: 10.0

Affected Packages1 packages

▶NVDvmware/esx2.0.1 — 2.0.2+2

🔴Vulnerability Details

GHSA

GHSA-h6c2-g6q9-7g8w: Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2↗2022-05-01

▶

CVEList

CVE-2005-3618: Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2↗2006-07-31

▶