Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-1662

CWE-2645 documents4 sources
Severity
6.9MEDIUM
EPSS
6.1%
top 9.19%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Vmware PlayerVmware Workstation
Timeline
PublishedAug 24
Latest updateMay 17

Description

vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages2 packages

NVDvmware/player11 versions+10
NVDvmware/workstation12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-xx33-73cr-ffp7: vmware-mount in VMware Workstation 82022-05-17
CVEList
CVE-2013-1662: vmware-mount in VMware Workstation 82013-08-24

💥Exploits & PoCs

2
Exploit-DB
VMware - Setuid VMware-mount Unsafe popen(3) (Metasploit)2013-08-29
Exploit-DB
VMware - Setuid VMware-mount Popen lsb_release Privilege Escalation2013-08-22
CVE-2013-1662 (MEDIUM CVSS 6.9) | vmware-mount in VMware Workstation | cvebase.io