Executive Summary
Summary | |
---|---|
Title | VMware Workstation host privilege escalation vulnerability |
Informations | |||
---|---|---|---|
Name | VMSA-2013-0013 | First vendor Publication | 2013-11-14 |
Vendor | VMware | Last vendor Modification | 2013-11-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 3.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
a. VMware shared library privilege escalation VMware Workstation and VMware Player contain a vulnerability in the handling of shared libraries. This issue may allow a local malicious user to escalate their privileges to root on the host OS. The vulnerability does not allow for privilege escalation from the Guest Operating System to the host or vice-versa. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-5972 to this issue. |
Original Source
Url : http://www.vmware.com/security/advisories/VMSA-2013-0013.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 3 |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2013-11-21 | IAVM : 2013-A-0221 - Multiple Vulnerabilties in VMware Player Severity : Category II - VMSKEY : V0042382 |
2013-11-21 | IAVM : 2013-A-0222 - Multiple Vulnerabilties in VMware Workstation Severity : Category II - VMSKEY : V0042383 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-11-22 | Name : The remote host contains software with a known, local privilege escalation vu... File : vmware_player_linux_5_0_3.nasl - Type : ACT_GATHER_INFO |
2013-11-22 | Name : The remote host contains software with known, local privilege escalation vuln... File : vmware_workstation_linux_9_0_3.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:07:28 |
|
2013-11-25 17:21:15 |
|
2013-11-19 13:34:58 |
|
2013-11-18 13:23:56 |
|
2013-11-15 05:18:40 |
|