Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2267

5 documents5 sources

Severity

6.9MEDIUM

EPSS

2.6%

top 14.51%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vmware ACE Vmware ESX Vmware Esxi +4 more

Timeline

PublishedNov 2

Latest updateMay 2

Description

VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, VMware ACE 2.5.x before 2.5.3 build 185404, VMware Server 1.x before 1.0.10 build 203137 and 2.x before 2.0.2 build 203138, VMware Fusion 2.x before 2.0.6 build 196839, VMware ESXi 3.5 and 4.0, and VMware ESX 2.5.5, 3.0.3, 3.5, and 4.0, when Virtual-8086 mode is used, do not properly set the exception code upon a page fault (aka #PF) exception, which allows guest OS users to gain privileges on the …

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages7 packages

▶NVDvmware/esxi3.5, 4.0+1

▶NVDvmware/fusion6 versions+5

▶NVDvmware/player2.5, 2.5.1, 2.5.2+2

▶NVDvmware/server12 versions+11

▶NVDvmware/workstation6.5.0, 6.5.1, 6.5.2+2

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-r3rg-38gc-7x9q: VMware Workstation 6↗2022-05-02

▶

CVEList

CVE-2009-2267: VMware Workstation 6↗2009-11-02

▶

VulnCheck

VMware Products Guest Privilege Escalation Vulnerability↗2009

▶

💥Exploits & PoCs

Exploit-DB

VMware Virtual 8086 - Linux Local Ring0↗2009-10-27

▶