CVE-2008-1392 — Vmware ACE vulnerability

CWE-163 documents3 sources

Severity

10.0CRITICALNVD

EPSS

0.9%

top 24.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ACE Vmware Player Vmware Workstation

Timeline

PublishedMar 20

Latest updateMay 1

Description

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDvmware/player2.0.2

▶NVDvmware/vmware_workstation6.0.2

▶NVDvmware/ace2.0

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-74vx-v5xg-4w53: The default configuration of VMware Workstation 6↗2022-05-01

▶

CVEList

CVE-2008-1392: The default configuration of VMware Workstation 6↗2008-03-20

▶