CVE-2012-1518

2012-04-1721:55:00

CWE-264

[email protected]

web.nvd.nist.gov

vmware

acl

security

vulnerability

privilege escalation

6.5 Medium

AI Score

Confidence

Low

8.3 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

66.1%

JSON

VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 use an incorrect ACL for the VMware Tools folder, which allows guest OS users to gain guest OS privileges via unspecified vectors.

CPENameOperatorVersion
vmware:workstationvmware workstationeq8.0.1
vmware:workstationvmware workstationeq8.0
vmware:playervmware playereq4.0.1
vmware:playervmware playereq4.0.2
vmware:playervmware playereq4.0
vmware:fusionvmware fusioneq4.0.1
vmware:fusionvmware fusioneq4.1.1
vmware:fusionvmware fusioneq4.0
vmware:fusionvmware fusioneq4.0.2
vmware:fusionvmware fusioneq4.1

CPE	Name	Operator	Version
vmware:workstation	vmware workstation	eq	8.0.1
vmware:workstation	vmware workstation	eq	8.0
vmware:player	vmware player	eq	4.0.1
vmware:player	vmware player	eq	4.0.2
vmware:player	vmware player	eq	4.0
vmware:fusion	vmware fusion	eq	4.0.1
vmware:fusion	vmware fusion	eq	4.1.1
vmware:fusion	vmware fusion	eq	4.0
vmware:fusion	vmware fusion	eq	4.0.2
vmware:fusion	vmware fusion	eq	4.1