Reno Robert of Trend Micro Zero Day InitiativeZDI-20-1268VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
50.1%
This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor.
Related
7.7 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
4.9 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:P/A:P
0.001 Low
EPSS
Percentile
50.1%