Lucene search
HistorySep 03, 2024 - 10:15 a.m.
CVE-2024-38811
vmware fusion
code-execution
vulnerability
cve-2024-38811
environment variable
malicious actor
standard user privileges
fusion application
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.
Affected configurations
Node
vmwarefusionRange13.0.0–13.6
Related
nessus
nessus
VMware Fusion 13.0.x < 13.6 Vulnerability (VMSA-2024-0018)
2024-09-03 00:00:00
cvelist
cvelist
CVE-2024-38811 Code-execution vulnerability
2024-09-03 09:47:28
vulnrichment
vulnrichment
CVE-2024-38811 Code-execution vulnerability
2024-09-03 09:47:28
cve
cve
CVE-2024-38811
2024-09-03 10:15:05
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0
Percentile
5.1%
Related for NVD:CVE-2024-38811