CVE-2014-4200

2014-08-2815:14:09

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-4200

vmware tools

vmware workstation

permissions

sensitive information

security vulnerability

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:C/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

Affected configurations

NVD

Node

vmwaretools

vmwarevm-supportMatch0.88

vmwareworkstationRange≤10.0.3

vmwareworkstationMatch10.0

vmwareworkstationMatch10.0.1

vmwareworkstationMatch10.0.2

CPENameOperatorVersion
vmware:toolsvmware toolseq*
vmware:vm-supportvmware vm-supporteq0.88
vmware:workstationvmware workstationle10.0.3
vmware:workstationvmware workstationeq10.0
vmware:workstationvmware workstationeq10.0.1
vmware:workstationvmware workstationeq10.0.2

CPE	Name	Operator	Version
vmware:tools	vmware tools	eq	*
vmware:vm-support	vmware vm-support	eq	0.88
vmware:workstation	vmware workstation	le	10.0.3
vmware:workstation	vmware workstation	eq	10.0
vmware:workstation	vmware workstation	eq	10.0.1
vmware:workstation	vmware workstation	eq	10.0.2