Kaspersky LabKLA10854KLA10854 Privileges escalation vulnerabilities in VMware products
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.8%
Detect date:
08/07/2016
Severity:
Warning
Description:
Untrusted search path vulnerability was found in VMware products. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally via DLL hijack.
Affected products:
VMware Workstation 12.1 versions earlier than 12.1.1
VMware Player 12.1 versions earlier than 12.1.1
VMware Fusion 8.1 versions earlier than 8.1.1
Solution:
Update to the latest version
VMware downloads page
Original advisories:
Impacts:
PE
Related products:
CVE-IDS:
CVE-2016-53304.4Warning
References
www.vmware.com/security/advisories/VMSA-2016-0010.html
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5330
my.vmware.com/en/web/vmware/downloads
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/VMware-Fusion/
threats.kaspersky.com/en/product/VMware-Player/
threats.kaspersky.com/en/product/VMware-Workstation/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.02 Low
EPSS
Percentile
88.8%