Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-4297 | First vendor Publication | 2010-12-06 |
Vendor | Cve | Last vendor Modification | 2018-10-10 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4297 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-20 | Improper Input Validation |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-12-09 | VMware Tools update OS Command Injection |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple securi... File : nvt/gb_VMSA-2010-0018.nasl |
2010-12-13 | Name : VMware Products Memory Corruption and Buffer Overflow Vulnerability (Win) File : nvt/gb_vmware_prdts_mem_corruption_n_bof_vuln_win.nasl |
2010-12-13 | Name : VMware Products Multiple Local Privilege Escalation Vulnerabilities (Linux) File : nvt/gb_vmware_prdts_mult_loc_prev_escl_vuln_lin.nasl |
2010-12-13 | Name : VMware Products Tools Local Privilege Escalation Vulnerability (Linux) File : nvt/gb_vmware_prdts_tools_loc_prev_escl_vuln_lin.nasl |
2010-12-13 | Name : VMware Products Tools Local Privilege Escalation Vulnerability (Windows) File : nvt/gb_vmware_prdts_tools_loc_prev_escl_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
69590 | VMware Tools Update Guest System Unspecified Arbitrary Command Injection VMware Tools update contains an input validation flaw. This may allow a local attacker to execute commands on the guest operating system with root privileges. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-12-09 | IAVM : 2010-A-0168 - Multiple Vulnerabilities in VMware Products Severity : Category II - VMSKEY : V0025835 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-04-14 | VmWare Tools command injection attempt RuleID : 38243 - Revision : 2 - Type : SERVER-WEBAPP |
2016-04-14 | VmWare Tools command injection attempt RuleID : 38242 - Revision : 2 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0018_remote.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote host has an application that is affected by a security issue. File : macosx_fusion_2_0_8.nasl - Type : ACT_GATHER_INFO |
2010-12-08 | Name : The remote host has an application that is affected by three security issues. File : macosx_fusion_3_1_2.nasl - Type : ACT_GATHER_INFO |
2010-12-07 | Name : The remote host has a virtualization application affected by multiple vulnera... File : vmware_multiple_vmsa_2010_0018.nasl - Type : ACT_GATHER_INFO |
2010-12-06 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0018.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:12:32 |
|
2021-04-22 01:13:28 |
|
2020-05-23 00:26:56 |
|
2018-10-11 00:20:00 |
|
2016-06-28 18:22:53 |
|
2016-04-26 20:14:41 |
|
2016-03-09 13:25:54 |
|
2014-02-17 10:58:40 |
|
2013-11-11 12:39:06 |
|
2013-05-10 23:37:17 |
|