CVE-2012-2450

3 documents3 sources
Severity
9.0CRITICAL
EPSS
1.3%
top 20.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Vmware ESXVmware EsxiVmware Fusion+2 more
Timeline
PublishedMay 4
Latest updateMay 17

Description

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 8.0 | Impact: 10.0

Affected Packages5 packages

NVDvmware/esxi4 versions+3
NVDvmware/fusion5 versions+4
NVDvmware/player4.0, 4.0.1, 4.0.2+2
NVDvmware/workstation8.0, 8.0.1, 8.0.2+2
NVDvmware/esx3.5, 4.0, 4.1+2

🔴Vulnerability Details

2
GHSA
GHSA-pr45-2j7r-cvjx: VMware Workstation 82022-05-17
CVEList
CVE-2012-2450: VMware Workstation 82012-05-04
CVE-2012-2450 (CRITICAL CVSS 9) | VMware Workstation 8.x before 8.0.3 | cvebase.io