| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.9 | $0-$5k | 0.00 |
Summary
A vulnerability identified as problematic has been detected in VMware ESX Server 2.5.3 Upgrade Patch 2. This affects an unknown function of the component Management Interface. The manipulation leads to an unknown weakness. This vulnerability is uniquely identified as CVE-2005-3618. No exploit exists. It is suggested to install a patch to address this issue.
Details
A vulnerability was found in VMware ESX Server 2.5.3 Upgrade Patch 2 (Virtualization Software) and classified as problematic. This issue affects some unknown functionality of the component Management Interface. Impacted is confidentiality, and integrity. The summary by CVE is:
Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.
The weakness was disclosed 08/01/2006 by Stephen de Vries and Martin O'Neal with Corsaire (Website). The advisory is shared at corsaire.com. The identification of this vulnerability is CVE-2005-3618 since 11/16/2005. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available.
It is declared as proof-of-concept.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at vmware.com.
The vulnerability is also documented in the databases at Secunia (SA21230†) and SecurityTracker (ID 1016612†). The entries VDB-2416, VDB-2418, VDB-27879 and VDB-31563 are pretty similar. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.vmware.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 5.9
VulDB Base Score: 6.5
VulDB Temp Score: 5.9
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: UnknownCWE: Unknown
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Proof-of-Concept
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Patch: vmware.com
Timeline
11/16/2005 🔍12/31/2005 🔍
07/31/2006 🔍
08/01/2006 🔍
08/01/2006 🔍
08/02/2006 🔍
04/21/2018 🔍
Sources
Vendor: vmware.comAdvisory: corsaire.com
Researcher: Stephen de Vries, Martin O'Neal
Organization: Corsaire
Status: Not defined
Confirmation: 🔍
CVE: CVE-2005-3618 (🔍)
GCVE (CVE): GCVE-0-2005-3618
GCVE (VulDB): GCVE-100-2417
Secunia: 21230 - VMware ESX Server Multiple Vulnerabilities, Less Critical
SecurityTracker: 1016612
Vupen: ADV-2006-3075
scip Labs: https://www.scip.ch/en/?labs.20060413
See also: 🔍
Entry
Created: 08/02/2006 11:02Updated: 04/21/2018 09:38
Changes: 08/02/2006 11:02 (62), 04/21/2018 09:38 (7)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.