[email protected]CVE-2008-1392

HistoryMar 20, 2008 - 12:44 a.m.

CVE-2008-1392

2008-03-2000:44:00

CWE-16

[email protected]

web.nvd.nist.gov

vmware

workstation

player

ace

anonymous

vix api

security vulnerability

cve-2008-1392

6.6 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.7%

JSON

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

CPENameOperatorVersion
vmware:acevmware acele2.0
vmware:playervmware playerle2.0.2
vmware:vmware_workstationvmware vmware workstationeq6.0.2

CPE	Name	Operator	Version
vmware:ace	vmware ace	le	2.0
vmware:player	vmware player	le	2.0.2
vmware:vmware_workstation	vmware vmware workstation	eq	6.0.2

References

lists.vmware.com/pipermail/security-announce/2008/000008.html

security.gentoo.org/glsa/glsa-201209-25.xml

securityreason.com/securityalert/3755

www.securityfocus.com/archive/1/489739/100/0/threaded

www.securityfocus.com/bid/28276

www.vmware.com/security/advisories/VMSA-2008-0005.html

www.vmware.com/support/ace2/doc/releasenotes_ace2.html

www.vmware.com/support/player2/doc/releasenotes_player2.html

www.vmware.com/support/ws6/doc/releasenotes_ws6.html

exchange.xforce.ibmcloud.com/vulnerabilities/41551

6.6 Medium

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.7%

JSON

Related for CVE-2008-1392

cvelist1 ubuntucve1 prion1 nessus2 openvas2 gentoo1