Lucene search

K
vmwareVMwareVMSA-2015-0001
HistoryJan 27, 2015 - 12:00 a.m.

VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues

2015-01-2700:00:00
www.vmware.com
476

0.975 High

EPSS

Percentile

100.0%

a. VMware ESXi, Workstation, Player, and Fusion host privilege escalation vulnerability

VMware ESXi, Workstation, Player and Fusion contain an arbitrary file write issue. Exploitation this issue may allow for privilege escalation on the host.

The vulnerability does not allow for privilege escalation from the guest Operating System to the host or vice-versa. This means that host memory can not be manipulated from the Guest Operating
System.

Mitigation

For ESXi to be affected, permissions must have been added to ESXi (or a vCenter Server managing it) for a virtual machine administrator role or greater.

VMware would like to thank Shanon Olsson for reporting this issue to us through JPCERT.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2014-8370 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

0.975 High

EPSS

Percentile

100.0%

Related for VMSA-2015-0001