CVE-2014-4200 — Insecure Temporary File in Vmware Workstation

CWE-264 CWE-377 — Insecure Temporary File CWE-732 — Incorrect Permission Assignment9 documents7 sources

Severity

4.7MEDIUMNVD

EPSS

0.0%

top 87.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Open-vm-tools Vmware Workstation Vmware Vm-support

Timeline

PublishedAug 28

Latest updateMay 17

Description

vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensitive information by extracting files from this archive.

CVSS vector

AV:L/AC:M/C:C/I:N/A:NExploitability: 3.4 | Impact: 6.9

Affected Packages3 packages

▶NVDvmware/vm-support0.88

▶Debianvmware/open-vm-tools< 2:9.4.6-1770165-1+3

▶NVDvmware/workstation10.0.3+3

🔴Vulnerability Details

GHSA

GHSA-959q-xwwj-g697: vm-support 0↗2022-05-17

▶

CVEList

CVE-2014-4200: vm-support 0↗2014-08-28

▶

OSV

CVE-2014-4200: vm-support 0↗2014-08-28

▶

📋Vendor Advisories

Red Hat

open-vm-tools: vm-support's diagnostics archive created with world-readable permissions↗2014-08-26

▶

Debian

CVE-2014-4200: open-vm-tools - vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through ...↗2014

▶

💬Community

Bugzilla

CVE-2014-4200 CVE-2014-4199 open-vm-tools: various flaws [epel-6]↗2014-11-20

▶

Bugzilla

CVE-2014-4200 CVE-2014-4199 open-vm-tools: various flaws [fedora-all]↗2014-11-20

▶

Bugzilla

CVE-2014-4200 open-vm-tools: vm-support's diagnostics archive created with world-readable permissions↗2014-11-20

▶