History: Dec 13, 2022 - 12:00 a.m.

KLA20112 ACE vulnerability in VMware Workstation

2022-12-13 00:00:00
Kaspersky Lab
threats.kaspersky.com
vmware workstation
vulnerability
arbitrary code execution
denial of service
out of bounds write
exploitation
public exploits
cve-2022-31705
update
affected products

CVSS3: 8.2

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: HIGH
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score: 8.9 (Confidence: High)

EPSS: 0 (Percentile: 12.8%)

An out-of-bounds write vulnerability was found in VMware Workstation. Malicious users can exploit this vulnerability to execute arbitrary code or cause denial of service.

Original advisories

VMSA-2022-0033

Exploitation

Public exploits exist for this vulnerability.

Related products

VMware-Workstation

CVE list

CVE-2022-31705 critical

Solution

Update to the latest version

Download VMware Workstation

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or a critical functional fault.

Affected Products

  • VMware Workstation earlier than 16.2.5
