VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly implement the Network File Copy (NFC) protocol, which allows man-in-the-middle attackers to cause a denial of service (unhandled exception and application crash) by modifying the client-server data stream.
2013-09-04T03:24:36.967
2025-04-11T00:51:21.963
Deferred
CVSSv2: 4.3 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | vmware | esx | 4.0 | Yes |
| Operating System | vmware | esx | 4.1 | Yes |
| Operating System | vmware | esxi | 4.0 | Yes |
| Operating System | vmware | esxi | 4.0 | Yes |
| Operating System | vmware | esxi | 4.0 | Yes |
| Operating System | vmware | esxi | 4.0 | Yes |
| Operating System | vmware | esxi | 4.0 | Yes |
| Operating System | vmware | esxi | 4.1 | Yes |
| Operating System | vmware | esxi | 4.1 | Yes |
| Operating System | vmware | esxi | 4.1 | Yes |
| Operating System | vmware | esxi | 5.0 | Yes |
| Operating System | vmware | esxi | 5.0 | Yes |
| Operating System | vmware | esxi | 5.0 | Yes |
| Operating System | vmware | esxi | 5.1 | Yes |