Summary
The remote ESXi is missing one or more security related Updates from VMSA-2012-0007.
Summary
VMware hosted products and ESXi/ESX patches address privilege escalation.
Relevant releases
Workstation 8.0.1 and earlier
Player 4.0.1 and earlier
Fusion 4.1.1 and earlier
ESXi 5.0 without patch ESXi500-201203102-SG
ESXi 4.1 without patch ESXi410-201201402-BG
ESXi 4.0 without patch ESXi400-201203402-BG
ESXi 3.5 without patch ESXe350-201203402-T-BG
ESX 4.1 without patch ESX410-201201401-SG
ESX 4.0 without patch ESX400-201203401-SG
ESX 3.5 without patch ESX350-201203402-BG
Problem Description
a. VMware Tools Incorrect Folder Permissions Privilege Escalation
The access control list of the VMware Tools folder is incorrectly set.
Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems.
Solution
Apply the missing patch(es).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1518 -
CVSS Base Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- VMSA-2012-0005 VMware vCenter Server, Orchestrator, Update Manager, vShield, vSphere Client, ESXi and ESX address several security issues
- VMSA-2015-0001: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
- VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
- VMSA-2011-0007 VMware ESXi and ESX Denial of Service and third party updates for Likewise components and ESX Service Console
- VMSA-2014-0003 VMware vSphere Client updates address security vulnerabilities