CVE-2012-5703

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.0MEDIUM

EPSS

1.0%

top 22.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ESX Vmware Esxi

Timeline

PublishedNov 20

Latest updateMay 17

Description

The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers to cause a denial of service (host daemon crash) via an invalid value in a (1) RetrieveProp or (2) RetrievePropEx SOAP request.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDvmware/esxi4.1

▶NVDvmware/esx4.1

🔴Vulnerability Details

GHSA

GHSA-r6hf-gvxf-pm8r: The vSphere API in VMware ESXi 4↗2022-05-17

▶

CVEList

CVE-2012-5703: The vSphere API in VMware ESXi 4↗2012-11-20

▶