CVE-2015-5191

CWE-362Race Condition8 documents7 sources
Severity
6.7MEDIUM
EPSS
0.1%
top 79.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware ToolsVmware Vmware Tools
Timeline
PublishedJul 28
Latest updateMay 17

Description

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

NVDvmware/tools10.0.8
CVEListV5vmware/vmware_toolsVMware Tools prior to 10.0.9
Debianopen-vm-tools< 2:10.1.5-5055683-5+3

🔴Vulnerability Details

3
GHSA
GHSA-4vr2-36wr-v82r: VMware Tools prior to 102022-05-17
OSV
CVE-2015-5191: VMware Tools prior to 102017-07-28
CVEList
CVE-2015-5191: VMware Tools prior to 102017-07-28

📋Vendor Advisories

2
Red Hat
open-vm-tools: /tmp race conditions in the libDeployPkg component2017-07-24
Debian
CVE-2015-5191: open-vm-tools - VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg...2015

💬Community

2
Bugzilla
CVE-2015-5191 open-vm-tools: /tmp race conditions in the libDeployPkg component [fedora-all]2017-07-25
Bugzilla
CVE-2015-5191 open-vm-tools: /tmp race conditions in the libDeployPkg component2015-08-14
CVE-2015-5191 (MEDIUM CVSS 6.7) | VMware Tools prior to 10.0.9 contai | cvebase.io