3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.975 High
EPSS
Percentile
100.0%
01/27/2015
High
Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to gain privileges or cause denial of service.
VMware Workstation 10 versions earlier than 10.0.5
VMware Player 6 versions earlier than 6.0.5
VMware Fusion 7 versions earlier than 7.0.1
VMware Fusion 6 versions earlier than 6.0.5
VMware vCenter Server 5.5 earlier than update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
ESXi 5.1 without patch ESXi510-201404101-SG
ESXi 5.0 without patch ESXi500-201405101-SG
Update to latest version
Get VMware products
ACE
CVE-2014-35664.3Warning
CVE-2014-35684.3Warning
CVE-2014-36605.0Warning
CVE-2015-10433.3Warning
CVE-2015-10443.3Warning
CVE-2014-35137.1High
CVE-2014-35677.1High
CVE-2014-83706.4High
Public exploits exist for this vulnerability.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044
my.vmware.com/web/vmware/downloads
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/VMware-Fusion/
threats.kaspersky.com/en/product/VMware-Player/
threats.kaspersky.com/en/product/VMware-Server/
threats.kaspersky.com/en/product/VMware-vCenter-Converter-Standalone/
threats.kaspersky.com/en/product/VMware-vSphere-Client/
threats.kaspersky.com/en/product/VMware-Workstation/
www.vmware.com/security/advisories/VMSA-2015-0001
3.4 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
6.1 Medium
AI Score
Confidence
Low
7.1 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
0.975 High
EPSS
Percentile
100.0%