Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3281 — Vmware Fusion vulnerability

CWE-2645 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.2%

top 59.99%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Vmware Fusion

Timeline

PublishedOct 16

Latest updateMay 2

Description

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

▶NVDvmware/fusion2.0.5+10

🔴Vulnerability Details

GHSA

GHSA-5x7c-p595-fhwh: The vmx86 kernel extension in VMware Fusion before 2↗2022-05-02

▶

CVEList

CVE-2009-3281: The vmx86 kernel extension in VMware Fusion before 2↗2009-10-16

▶

💥Exploits & PoCs

Exploit-DB

UnrealIRCd 3.2.8.1 - Backdoor Command Execution (Metasploit)↗2010-12-05

▶

Exploit-DB

VMware Fusion 2.0.5 - vmx86 kext Kernel Privilege Escalation↗2009-10-02

▶