CVE-2010-4573Improper Authentication in Vmware Esxi

CWE-287Improper AuthenticationCWE-681Incorrect Conversion between Numeric TypesCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
9.3CRITICALNVD
EPSS
1.6%
top 18.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Esxi
Timeline
PublishedDec 22
Latest updateMay 14

Description

The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is present, does not properly configure the SFCB authentication mode, which allows remote attackers to obtain access via an arbitrary username and password.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

NVDvmware/esxi4.1

🔴Vulnerability Details

2
GHSA
GHSA-76jq-8wqx-96ch: The Update Installer in VMware ESXi 42022-05-14
CVEList
CVE-2010-4573: The Update Installer in VMware ESXi 42010-12-22

📋Vendor Advisories

1
Red Hat
kernel: IA32 System Call Entry Point Vulnerability2010-09-15
CVE-2010-4573 — Improper Authentication in Vmware Esxi | cvebase