Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-4297

Опубликовано: 06 дек. 2010
Источник: nvd
CVSS2: 7.2
EPSS Низкий

Описание

The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:6.5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:2.5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:2.0.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 87%
0.03126
Низкий

7.2 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

github логотип

GHSA-vrqj-4f32-p884

github
больше 3 лет назад

The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.

EPSS

Процентиль: 87%
0.03126
Низкий

7.2 High

CVSS2

Дефекты

CWE-20