CVE-2012-1515 — Vmware ESX vulnerability

CWE-2643 documents3 sources

Severity

8.3HIGHNVD

EPSS

0.3%

top 49.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware ESX Vmware Esxi

Timeline

PublishedApr 2

Latest updateMay 14

Description

VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not properly implement port-based I/O operations, which allows guest OS users to gain guest OS privileges by overwriting memory locations in a read-only memory block associated with the Virtual DOS Machine.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages2 packages

▶NVDvmware/esxi3.5, 4.0, 4.1+2

▶NVDvmware/esx3.5, 4.0, 4.1+2

🔴Vulnerability Details

GHSA

GHSA-8758-2jw5-f6gw: VMware ESXi 3↗2022-05-14

▶

CVEList

CVE-2012-1515: VMware ESXi 3↗2012-04-02

▶