Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-0177

CWE-3994 documents4 sources
Severity
5.0MEDIUM
EPSS
14.0%
top 5.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
5
Vmware ACEVmware FusionVmware Vmware Player+2 more
Timeline
PublishedJan 20
Latest updateMay 2

Description

vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

NVDvmware/fusion2.0.1
NVDvmware/vmware_player2.5.1+17
NVDvmware/server2.0.0
NVDvmware/ace2.5.1+1

Patches

Patch: lists.vmware.comPatch: seclists.orgPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-mxv5-rp33-2rv9: vmwarebase2022-05-02
CVEList
CVE-2009-0177: vmwarebase2009-01-20

💥Exploits & PoCs

1
Exploit-DB
VMware 2.5.1 - 'VMware-authd' Remote Denial of Service2009-01-02
CVE-2009-0177 (MEDIUM CVSS 5) | vmwarebase.dll | cvebase.io