Home > Blogs > VMware Security & Compliance Blog

New VMware Security Advisory VMSA-2013-0016

Today VMware has released the following new security advisory:


The advisory documents CVE-2013-5973 “VMware ESXi and ESX unauthorized file access through vCenter Server and ESX”. This issue may allow certain unprivileged users on vCenter Server access to arbitrary files on ESXi/ESX and may allow local unprivileged users on ESX (i.e. ESX 4.0 and ESX 4.1) access to arbitrary files. Modification of files on ESXi or ESX may allow for code execution after a host reboot.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisory and direct any questions to VMware Support.

2 thoughts on “New VMware Security Advisory VMSA-2013-0016

  1. Peter Gregory

    The CVE number is apparently incorrect, as it points to a vulnerability on CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux. I trust this will be fixed soon.

    1. Monty Ijzerman Post author

      We double checked and the CVE number is correct. The “CA XCOM Data Transport” issue has CVE number CVE-2012-5973 (note the “2012”) and not CVE-2013-5973 (note the “2013”). The latter CVE number is the one in our advisory.

Comments are closed.