CVE-2015-2341 — Improper Input Validation in Vmware Fusion

CWE-20 — Improper Input Validation3 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.7%

top 27.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Player Vmware Workstation

Timeline

PublishedJun 13

Latest updateMay 17

Description

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶NVDvmware/fusion10 versions+9

▶NVDvmware/player6 versions+5

▶NVDvmware/workstation5 versions+4

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-h2cj-472m-p2pg: VMware Workstation 10↗2022-05-17

▶

CVEList

CVE-2015-2341: VMware Workstation 10↗2015-06-13

▶