Summary
| Detail | |||
|---|---|---|---|
| Vendor | Vmware | First view | 2017-06-07 |
| Product | Fusion | Last view | 2023-10-20 |
| Version | 8.5.2 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:vmware:fusion | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7 | 2023-10-20 | CVE-2023-34046 | VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. |
| 7.8 | 2023-10-20 | CVE-2023-34045 | VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. |
| 7.8 | 2023-04-25 | CVE-2023-20871 | VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. |
| 6 | 2023-04-25 | CVE-2023-20870 | VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. |
| 8.2 | 2023-04-25 | CVE-2023-20869 | VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. |
| 6.7 | 2022-02-16 | CVE-2021-22041 | VMware ESXi, Workstation, and Fusion contain a double-fetch vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
| 6.7 | 2022-02-16 | CVE-2021-22040 | VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
| 8.4 | 2021-09-15 | CVE-2020-3960 | VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory. |
| 8.2 | 2020-11-20 | CVE-2020-4004 | VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. |
| 6.7 | 2020-09-16 | CVE-2020-3980 | VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed. |
| 7.8 | 2020-07-10 | CVE-2020-3974 | VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. |
| 5.5 | 2020-06-25 | CVE-2020-3971 | VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. |
| 3.8 | 2020-06-25 | CVE-2020-3970 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition. |
| 8.2 | 2020-06-25 | CVE-2020-3968 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. |
| 7.5 | 2020-06-25 | CVE-2020-3967 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. |
| 7.5 | 2020-06-25 | CVE-2020-3966 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. |
| 5.5 | 2020-06-25 | CVE-2020-3965 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. |
| 4.7 | 2020-06-25 | CVE-2020-3964 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. |
| 5.5 | 2020-06-25 | CVE-2020-3963 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. |
| 7.8 | 2020-06-24 | CVE-2020-3969 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. |
| 8.2 | 2020-06-24 | CVE-2020-3962 | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. |
| 3.3 | 2020-05-29 | CVE-2020-3959 | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service. |
| 5.5 | 2020-05-29 | CVE-2020-3958 | VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition. |
| 7 | 2020-05-29 | CVE-2020-3957 | VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. |
| 7.8 | 2020-03-17 | CVE-2020-3950 | VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 24% (11) | CWE-125 | Out-of-bounds Read |
| 20% (9) | CWE-787 | Out-of-bounds Write |
| 13% (6) | CWE-416 | Use After Free |
| 8% (4) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 6% (3) | CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition |
| 4% (2) | CWE-476 | NULL Pointer Dereference |
| 2% (1) | CWE-772 | Missing Release of Resource after Effective Lifetime |
| 2% (1) | CWE-732 | Incorrect Permission Assignment for Critical Resource |
| 2% (1) | CWE-617 | Reachable Assertion |
| 2% (1) | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory L... |
| 2% (1) | CWE-362 | Race Condition |
| 2% (1) | CWE-306 | Missing Authentication for Critical Function |
| 2% (1) | CWE-269 | Improper Privilege Management |
| 2% (1) | CWE-203 | Information Exposure Through Discrepancy |
| 2% (1) | CWE-193 | Off-by-one Error |
| 2% (1) | CWE-190 | Integer Overflow or Wraparound |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-02-20 | Intel x64 side-channel analysis information leak attempt RuleID : 45444 - Type : OS-OTHER - Revision : 2 |
| 2018-02-20 | Intel x64 side-channel analysis information leak attempt RuleID : 45443 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x64 side-channel analysis information leak attempt RuleID : 45368 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x64 side-channel analysis information leak attempt RuleID : 45367 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45366 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45365 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45364 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45363 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45362 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45361 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45360 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45359 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45358 - Type : OS-OTHER - Revision : 2 |
| 2018-02-06 | Intel x86 side-channel analysis information leak attempt RuleID : 45357 - Type : OS-OTHER - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2018-11-16 | Name: A virtualisation application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2018_0008.nasl - Type: ACT_GATHER_INFO |
| 2018-11-02 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL91229003.nasl - Type: ACT_GATHER_INFO |
| 2018-10-31 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201810-06.nasl - Type: ACT_GATHER_INFO |
| 2018-09-18 | Name: The remote EulerOS Virtualization host is missing multiple security updates. File: EulerOS_SA-2018-1236.nasl - Type: ACT_GATHER_INFO |
| 2018-08-20 | Name: A virtualization application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2018_0022.nasl - Type: ACT_GATHER_INFO |
| 2018-08-17 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-1_0-0098.nasl - Type: ACT_GATHER_INFO |
| 2018-07-24 | Name: The remote PhotonOS host is missing multiple security updates. File: PhotonOS_PHSA-2018-2_0-0011.nasl - Type: ACT_GATHER_INFO |
| 2018-07-20 | Name: The remote Debian host is missing a security update. File: debian_DLA-1423.nasl - Type: ACT_GATHER_INFO |
| 2018-07-16 | Name: The remote Debian host is missing a security update. File: debian_DLA-1422.nasl - Type: ACT_GATHER_INFO |
| 2018-05-24 | Name: A virtualization application installed on the remote macOS or Mac OS X host i... File: macosx_fusion_vmsa_2018_0013.nasl - Type: ACT_GATHER_INFO |
| 2018-05-03 | Name: The remote Debian host is missing a security update. File: debian_DLA-1369.nasl - Type: ACT_GATHER_INFO |
| 2018-05-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4188.nasl - Type: ACT_GATHER_INFO |
| 2018-05-02 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4187.nasl - Type: ACT_GATHER_INFO |
| 2018-04-18 | Name: The remote Amazon Linux 2 host is missing a security update. File: al2_ALAS-2018-956.nasl - Type: ACT_GATHER_INFO |
| 2018-03-29 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_1ce95bc7327811e8b52700012e582166.nasl - Type: ACT_GATHER_INFO |
| 2018-03-15 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-0512.nasl - Type: ACT_GATHER_INFO |
| 2018-02-27 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2018-057-01.nasl - Type: ACT_GATHER_INFO |
| 2018-02-23 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-4120.nasl - Type: ACT_GATHER_INFO |
| 2018-02-22 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2018-956.nasl - Type: ACT_GATHER_INFO |
| 2018-02-05 | Name: The remote Virtuozzo host is missing multiple security updates. File: Virtuozzo_VZA-2018-006.nasl - Type: ACT_GATHER_INFO |
| 2018-01-30 | Name: A web browser installed on the remote Windows host is affected by multiple se... File: google_chrome_64_0_3282_119.nasl - Type: ACT_GATHER_INFO |
| 2018-01-26 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2018-0151.nasl - Type: ACT_GATHER_INFO |
| 2018-01-25 | Name: The remote AIX host is missing a security patch. File: aix_IJ03036.nasl - Type: ACT_GATHER_INFO |
| 2018-01-25 | Name: The remote AIX host is missing a security patch. File: aix_IJ03035.nasl - Type: ACT_GATHER_INFO |
| 2018-01-25 | Name: The remote AIX host is missing a security patch. File: aix_IJ03034.nasl - Type: ACT_GATHER_INFO |
