Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-4915

CWE-863Incorrect Authorization6 documents4 sources
Severity
7.8HIGH
EPSS
11.6%
top 6.37%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Vmware Workstation Pro/playerVmware Workstation PlayerVmware Workstation PRO
Timeline
PublishedMay 22
Latest updateMay 13

Description

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5vmware/workstation_pro/playerAll 12.x versions prior to version 12.5.6

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-g6g4-xjv3-4fxg: VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files2022-05-13
CVEList
CVE-2017-4915: VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files2017-05-22

💥Exploits & PoCs

3
Exploit-DB
VMware Workstation/Player < 12.5.5 - Local Privilege Escalation2018-12-30
Exploit-DB
VMware Workstation - ALSA Config File Local Privilege Escalation (Metasploit)2018-01-05
Exploit-DB
VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation2017-05-22
CVE-2017-4915 (HIGH CVSS 7.8) | VMware Workstation Pro/Player conta | cvebase.io