CVE-2011-1126

2011-04-0412:27:00

CWE-264

[email protected]

web.nvd.nist.gov

vmware

vmrun

vix api

privilege escalation

linux

security vulnerability

6.5 Medium

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.

CPENameOperatorVersion
vmware:vix_apivmware vix apieq1.0
vmware:vix_apivmware vix apieq1.1
vmware:vix_apivmware vix apieq1.1.1
vmware:vix_apivmware vix apieq1.1.2
vmware:vix_apivmware vix apieq1.1.3
vmware:vix_apivmware vix apieq1.1.4
vmware:vix_apivmware vix apieq1.1.5
vmware:vix_apivmware vix apieq1.6.0
vmware:vix_apivmware vix apieq1.6.1
vmware:vix_apivmware vix apieq1.7

CPE	Name	Operator	Version
vmware:vix_api	vmware vix api	eq	1.0
vmware:vix_api	vmware vix api	eq	1.1
vmware:vix_api	vmware vix api	eq	1.1.1
vmware:vix_api	vmware vix api	eq	1.1.2
vmware:vix_api	vmware vix api	eq	1.1.3
vmware:vix_api	vmware vix api	eq	1.1.4
vmware:vix_api	vmware vix api	eq	1.1.5
vmware:vix_api	vmware vix api	eq	1.6.0
vmware:vix_api	vmware vix api	eq	1.6.1
vmware:vix_api	vmware vix api	eq	1.7