Lucene search

K

Kaspersky LabKLA10452

HistoryJan 27, 2015 - 12:00 a.m.

KLA10452 Multiple vulnerabilities in VMware products

2015-01-2700:00:00

Kaspersky Lab

threats.kaspersky.com

38

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.975 High

EPSS

Percentile

100.0%

Detect date:

01/27/2015

Severity:

High

Description:

Multiple serious vulnerabilities have been found in VMware products. Malicious users can exploit these vulnerabilities to gain privileges or cause denial of service.

Affected products:

VMware Workstation 10 versions earlier than 10.0.5
VMware Player 6 versions earlier than 6.0.5
VMware Fusion 7 versions earlier than 7.0.1
VMware Fusion 6 versions earlier than 6.0.5
VMware vCenter Server 5.5 earlier than update 2d
ESXi 5.5 without patch ESXi550-201403102-SG, ESXi550-201501101-SG
ESXi 5.1 without patch ESXi510-201404101-SG
ESXi 5.0 without patch ESXi500-201405101-SG

Solution:

Update to latest version
Get VMware products

Original advisories:

Impacts:

ACE

Related products:

VMware Workstation

CVE-IDS:

CVE-2014-35664.3Warning
CVE-2014-35684.3Warning
CVE-2014-36605.0Warning
CVE-2015-10433.3Warning
CVE-2015-10443.3Warning
CVE-2014-35137.1High
CVE-2014-35677.1High
CVE-2014-83706.4High

Exploitation:

Public exploits exist for this vulnerability.

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3513

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3567

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3568

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3660

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8370

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1043

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1044

my.vmware.com/web/vmware/downloads

statistics.securelist.com/vulnerability-scan/month

threats.kaspersky.com/en/product/VMware-Fusion/

threats.kaspersky.com/en/product/VMware-Player/

threats.kaspersky.com/en/product/VMware-Server/

threats.kaspersky.com/en/product/VMware-vCenter-Converter-Standalone/

threats.kaspersky.com/en/product/VMware-vSphere-Client/

threats.kaspersky.com/en/product/VMware-Workstation/

www.vmware.com/security/advisories/VMSA-2015-0001

3.4 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

6.1 Medium

AI Score

Confidence

Low

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.975 High

EPSS

Percentile

100.0%