9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.08 Low
EPSS
Percentile
94.2%
05/03/2012
Critical
Multiple critical vulnerabilities have been found in VMware. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities
VMware Workstation versions 8.0.2, 7.1.5
VMware Player versions 4.0.2, 3.1.4
VMware Fusion 4.1.2
ESXi 5.0 without patch ESXi500-201205401-SG
ESXi 4.1 without patches ESXi410-201205401-SG, ESXi410-201110201-SG, ESXi410-201201401-SG
ESXi 4.0 without patches ESXi400-201105201-UG, ESXi400-201205401-SG
ESXi 3.5 without patch ESXe350-201205401-I-SG
ESX 4.1 without patches ESX410-201205401-SG, ESX410-201110201-SG, ESX410-201201401-SG
ESX 4.0 without patches ESX400-201105201-UG, ESX400-201205401-SG
ESX 3.5 without patch ESX350-201205401-SG
Update to latest version
Vmware Products
ACE
CVE-2012-24499.0Critical
CVE-2012-24487.5Critical
CVE-2012-24509.0Critical
CVE-2012-15179.0Critical
CVE-2012-15169.0Critical
www.vmware.com/security/advisories/VMSA-2012-0009.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2448
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2449
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2450
my.vmware.com/web/vmware/downloads
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/VMware-Fusion/
threats.kaspersky.com/en/product/VMware-Infrastructure/
threats.kaspersky.com/en/product/VMware-Player/
threats.kaspersky.com/en/product/VMware-vSphere-Client/
threats.kaspersky.com/en/product/VMware-Workstation/
9.9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.08 Low
EPSS
Percentile
94.2%