CVE-2005-3618

Name: CVE-2005-3618
Creator: NVD / NIST
Published: 2005-12-31T05:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.00%

Last modified Jun 16, 2026

CVE-2005-3618 is a vulnerability of currently unknown severity. Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.. EPSS estimates a 3.00% chance of exploitation in the next 30 days.

Description

Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. NOTE: this issue can be leveraged with CVE-2005-3619 to automatically perform the attacks.

Metrics

EPSS Probability

3.00%

85.7th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Vmware	Esx	>= 2.0.1, < 2.0.2
Vmware	Esx	>= 2.1.1, < 2.1.3
Vmware	Esx	>= 2.5.2, < 2.5.3

References

http://kb.vmware.com/kb/2118366Vendor Advisory
http://secunia.com/advisories/21230Third Party Advisory
http://securitytracker.com/id?1016612Third Party Advisory, VDB Entry
http://www.corsaire.com/advisories/c051114-001.txtBroken Link
http://www.securityfocus.com/archive/1/441726/100/100/threaded
http://www.securityfocus.com/archive/1/441825/100/100/threaded
http://www.vupen.com/english/advisories/2006/3075Permissions Required, Third Party Advisory
http://kb.vmware.com/kb/2118366Vendor Advisory
http://secunia.com/advisories/21230Third Party Advisory
http://securitytracker.com/id?1016612Third Party Advisory, VDB Entry
http://www.corsaire.com/advisories/c051114-001.txtBroken Link
http://www.securityfocus.com/archive/1/441726/100/100/threaded
http://www.securityfocus.com/archive/1/441825/100/100/threaded
http://www.vupen.com/english/advisories/2006/3075Permissions Required, Third Party Advisory

Timeline

Published: Dec 31, 2005
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2005-3618?

How severe is CVE-2005-3618?

Severity scoring for CVE-2005-3618 is pending analysis. The EPSS model estimates a 3.00% probability of exploitation in the next 30 days.

How do I fix CVE-2005-3618?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2005-3618?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST