VMware hosted products and ESXi/ESX patches address privilege escalation

2012-04-1200:00:00

www.vmware.com

8.3 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

0.003 Low

EPSS

Percentile

66.0%

JSON

a. VMware Tools Incorrect Folder Permissions Privilege EscalationThe access control list of the VMware Tools folder is incorrectly set. Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems.VMware would like to thank Tavis Ormandy for reporting this issue to us.The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2012-1518 to this issue.Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

CPENameOperatorVersion
workstationlt8.0.2
workstationlt7.1.6
playerlt4.0.2
playerlt3.1.6
fusionlt4.1.2
esxiltESXi500-201203102-SG
esxiltESXi410-201201402-BG
esxiltESXi400-201203402-BG
esxiltESXe350-201203402-T-BG
esxltESX410-201201401-SG

Name	Operator	Version
workstation	lt	8.0.2
workstation	lt	7.1.6
player	lt	4.0.2
player	lt	3.1.6
fusion	lt	4.1.2
esxi	lt	ESXi500-201203102-SG
esxi	lt	ESXi410-201201402-BG
esxi	lt	ESXi400-201203402-BG
esxi	lt	ESXe350-201203402-T-BG
esx	lt	ESX410-201201401-SG