Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2010-4297
HistoryDec 06, 2010 - 9:05 p.m.

CVE-2010-4297

2010-12-0621:05:49
CWE-20
[email protected]
web.nvd.nist.gov
6

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

36.6%

JSON

The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a “command injection” issue.

Affected configurations

Nvd
Node
vmwareworkstationMatch6.5.0
OR
vmwareworkstationMatch6.5.1
OR
vmwareworkstationMatch6.5.2
OR
vmwareworkstationMatch6.5.3
OR
vmwareworkstationMatch6.5.5
OR
vmwareworkstationMatch7.0
OR
vmwareworkstationMatch7.0.1
OR
vmwareworkstationMatch7.1
OR
vmwareworkstationMatch7.1.1
OR
vmwareworkstationMatch7.1.2
Node
vmwareplayerMatch2.5
OR
vmwareplayerMatch2.5.1
OR
vmwareplayerMatch2.5.2
OR
vmwareplayerMatch2.5.3
OR
vmwareplayerMatch2.5.4
OR
vmwareplayerMatch2.5.5
OR
vmwareplayerMatch3.1
OR
vmwareplayerMatch3.1.1
OR
vmwareplayerMatch3.1.2
Node
vmwarefusionMatch2.0
OR
vmwarefusionMatch2.0.1
OR
vmwarefusionMatch2.0.2
OR
vmwarefusionMatch2.0.3
OR
vmwarefusionMatch2.0.4
OR
vmwarefusionMatch2.0.5
OR
vmwarefusionMatch2.0.6
OR
vmwarefusionMatch2.0.7
OR
vmwarefusionMatch2.0.8
OR
vmwarefusionMatch3.1
OR
vmwarefusionMatch3.1.1
OR
vmwarefusionMatch3.1.2
OR
vmwareserverMatch2.0.2
Node
vmwareesxiMatch3.5
OR
vmwareesxiMatch4.0
OR
vmwareesxiMatch4.1
Node
vmwareesxMatch3.5
OR
vmwareesxMatch4.0
OR
vmwareesxMatch4.1
VendorProductVersionCPE
vmwareworkstation6.5.0cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:*
vmwareworkstation6.5.1cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:*
vmwareworkstation6.5.2cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:*
vmwareworkstation6.5.3cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:*
vmwareworkstation6.5.5cpe:2.3:a:vmware:workstation:6.5.5:*:*:*:*:*:*:*
vmwareworkstation7.0cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:*
vmwareworkstation7.0.1cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:*
vmwareworkstation7.1cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:*
vmwareworkstation7.1.1cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:*
vmwareworkstation7.1.2cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:*
Rows per page:
1-10 of 381

Related

cvelist 1
openvas 6
exploitpack 1
prion 1
securityvulns 3
exploitdb 1
nessus 5
cve 1
packetstorm 1
zdt 1
vmware 1
cvelist
cvelist
CVE-2010-4297
2010-12-06 21:00:00
openvas
openvas
VMware Products Tools Local Privilege Escalation Vulnerability (Windows)
2010-12-13 00:00:00
VMware Products Local Privilege Escalation Vulnerability (VMSA-2010-0018) - Windows
2010-12-13 00:00:00
VMware Products Local Privilege Escalation Vulnerability (VMSA-2010-0018) - Linux
2010-12-13 00:00:00
exploitpack
exploitpack
VMware Tools - Update OS Command Injection
2010-12-09 00:00:00
prion
prion
Command injection
2010-12-06 21:05:00
securityvulns
securityvulns
Bonsai Information Security - VMware Tools update OS Command Injection
2010-12-10 00:00:00
VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues
2010-12-06 00:00:00
VMWare application multiple security vulnerabilities
2010-12-10 00:00:00
exploitdb
exploitdb
VMware Tools - Update OS Command Injection
2010-12-09 00:00:00
nessus
nessus
VMware ESX / ESXi Tools Update Privilege Escalation (VMSA-2010-0018) (remote check)
2016-03-08 00:00:00
VMware Fusion < 2.0.8 (VMSA-2010-0018)
2010-12-08 00:00:00
VMware Products Multiple Vulnerabilities (VMSA-2010-0018)
2010-12-07 00:00:00
cve
cve
CVE-2010-4297
2010-12-06 21:05:49
packetstorm
packetstorm
VMware Tools Update OS Command Injection
2010-12-09 00:00:00
zdt
zdt
VMware Tools update OS Command Injection
2010-12-10 00:00:00
vmware
vmware
VMware hosted products and ESX patches resolve multiple security issues
2010-12-02 00:00:00

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

36.6%

JSON
Related for NVD:CVE-2010-4297
cvelist1openvas6exploitpack1prion1securityvulns3exploitdb1nessus5cve1packetstorm1zdt1vmware1