fkie_nvd - fkie_cve-2012-2448

fkie_cve-2012-2448

Vulnerability from fkie_nvd

Published

2012-05-04 16:55

Modified

2025-04-11 00:51

Severity ?

Summary

VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic.

References

URL	Tags
cve@mitre.org	http://osvdb.org/81693
cve@mitre.org	http://www.securityfocus.com/bid/53371
cve@mitre.org	http://www.securitytracker.com/id?1027018
cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2012-0009.html	Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/75375
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/81693
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53371
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1027018
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2012-0009.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/75375

Impacted products

Vendor	Product	Version
vmware	esxi	3.5
vmware	esxi	3.5
vmware	esxi	4.0
vmware	esxi	4.0
vmware	esxi	4.0
vmware	esxi	4.0
vmware	esxi	4.0
vmware	esxi	4.1
vmware	esxi	4.1
vmware	esxi	4.1
vmware	esxi	5.0
vmware	esx	3.5
vmware	esx	3.5
vmware	esx	3.5
vmware	esx	3.5
vmware	esx	4.0
vmware	esx	4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAE88D8C-9CC3-46D1-9F26-290BC679F47E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:*",
              "matchCriteriaId": "58ED8AB4-0FDF-4752-B44E-56F58593CE41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13771B15-CD71-472A-BE56-718B87D5825D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:*",
              "matchCriteriaId": "0A4E41C0-31FA-47AA-A9BF-B9A6C1D44801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:*",
              "matchCriteriaId": "AF016EE7-083A-4D62-A6D4-2807EB47B6DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:*",
              "matchCriteriaId": "8F11844A-3C6C-4AA5-87DC-979AFF62867A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:*",
              "matchCriteriaId": "AC463653-A599-45CF-8EA9-8854D5C59963",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDE707D-A1F4-4829-843E-F6633BB84D6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:4.1:1:*:*:*:*:*:*",
              "matchCriteriaId": "4DC5C2BF-6EC6-436F-A925-469E87249C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:4.1:2:*:*:*:*:*:*",
              "matchCriteriaId": "7BCE5DA9-BB88-4169-B77C-40B1F98D511A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2331236-2E9B-4B52-81EE-B52DEB41ACE5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFF29100-E124-4416-95CF-18B4246D43F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:*",
              "matchCriteriaId": "37A5D726-3D38-44D5-B509-1B8B003903A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:*",
              "matchCriteriaId": "A4DA3B20-A743-4F37-A095-65161FFBEB73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:*",
              "matchCriteriaId": "FF7C3C65-BE63-407E-9CFD-E571025C3E79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B6BA46F-4E8C-4B2A-AE92-81B9F1B4D56C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via NFS traffic."
    },
    {
      "lang": "es",
      "value": "VMware ESXi 3.5 hasta 5.0 y ESX 3.5 hasta 4.1 permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (sobrescritura de memoria) a trav\u00e9s de tr\u00e1fico NFS."
    }
  ],
  "id": "CVE-2012-2448",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-05-04T16:55:01.497",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/81693"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53371"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1027018"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75375"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/81693"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53371"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1027018"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2012-0009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75375"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2012-2448 (GCVE-0-2012-2448)

Vulnerability from cvelistv5

Published

2012-05-04 16:00