Kaspersky LabKLA12190KLA12190 Multiple vulnerabilities in VMware Workstation and VMware Player
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.9%
Multiple out-of-bounds read vulnerabilities were found in VMware Workstation and VMware Player. Malicious users can exploit this vulnerability to obtain sensitive information, cause denial of service.
Original advisories
Related products
CVE list
CVE-2021-21989 high
CVE-2021-21988 high
CVE-2021-21987 high
Solution
Update to the latest version
Impacts
- OSI
Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.
- DoS
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Affected Products
- VMware Workstation 16.x earlier than 16.1.2VMware Player 16.x earlier than 16.1.2
Related
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
6.8 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.9%