
SANS ISC: VMWare ESX/ESXi Security Advisory - SANS Internet Storm Center

VMWare ESX/ESXi Security Advisory

On Sunday, VMWare released security advisory VMSA-2013-0016, which involves the ESX (versions 4.0 & 4.1) and ESXi (versions 4.0 through 5.5) products. A vulnerability exists within the products which could allow an unprivileged vCenter user to gain arbitrary read or write access to files. Removing the "Add Existing Disk" permission or limiting the number of vCenter users with this privilege can reduce the risk of exploitation until updates can be applied. More details are available at the VMWare Security Advisory page located at


Scott Fendley
ISC Handler


Dec 23rd 2013
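
To apply the mitigation described in the diary, you first need to know which roles carry the "Add Existing Disk" permission and who has been assigned those roles. The following PowerShell function is an added example, not part of the original diary or of VMware's advisory. It assumes the permission corresponds to the vSphere privilege ID `VirtualMachine.Config.AddExistingDisk`; the function name and the sample roles and principals are constructed for illustration.

```powershell
# Assumption: this privilege ID is the one behind the "Add Existing Disk" permission.
$PrivilegeId = 'VirtualMachine.Config.AddExistingDisk'

# Hypothetical helper: list every role assignment that grants the privilege.
function Find-PrivilegeHolder {
    param(
        # Objects with Name and PrivilegeList properties (shape of Get-VIRole output).
        [Parameter(Mandatory)] [object[]] $Roles,
        # Objects with Role, Principal, Entity, Propagate (shape of Get-VIPermission output).
        [Parameter(Mandatory)] [AllowEmptyCollection()] [object[]] $Permissions,
        [string] $Privilege = $PrivilegeId
    )
    # Names of roles whose privilege list includes the privilege.
    $riskyRoles = @($Roles |
        Where-Object { $_.PrivilegeList -contains $Privilege } |
        ForEach-Object { $_.Name })

    # Each assignment of such a role is a principal that can add existing disks.
    $Permissions |
        Where-Object { $riskyRoles -contains $_.Role } |
        Sort-Object Principal |
        Select-Object Principal, Role, Entity, Propagate
}

# Constructed sample data so the function runs without a vCenter connection.
$sampleRoles = @(
    [pscustomobject]@{ Name = 'Admin';      PrivilegeList = @('System.View', $PrivilegeId) }
    [pscustomobject]@{ Name = 'VMOperator'; PrivilegeList = @('System.View', $PrivilegeId, 'VirtualMachine.Interact.PowerOn') }
    [pscustomobject]@{ Name = 'ReadOnly';   PrivilegeList = @('System.View') }
)
$samplePermissions = @(
    [pscustomobject]@{ Principal = 'EXAMPLE\vc-admins'; Role = 'Admin';      Entity = 'Datacenters'; Propagate = $true }
    [pscustomobject]@{ Principal = 'EXAMPLE\helpdesk';  Role = 'VMOperator'; Entity = 'Lab-Cluster'; Propagate = $true }
    [pscustomobject]@{ Principal = 'EXAMPLE\auditors';  Role = 'ReadOnly';   Entity = 'Datacenters'; Propagate = $true }
)

Find-PrivilegeHolder -Roles $sampleRoles -Permissions $samplePermissions |
    Format-Table -AutoSize

# Against a live vCenter (requires VMware PowerCLI and an existing
# Connect-VIServer session), feed the real objects instead:
#   Find-PrivilegeHolder -Roles (Get-VIRole) -Permissions (Get-VIPermission)
```

Each row returned is a role assignment to review: either remove the privilege from the role or move the principal to a role without it until the updates are applied.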
For more detailed information, we released a whitepaper describing this vulnerability a while ago:
