Summary
The remote ESXi is missing one or more security related Updates from VMSA-2012-0007.
Summary
VMware hosted products and ESXi/ESX patches address privilege escalation.
Relevant releases
Workstation 8.0.1 and earlier
Player 4.0.1 and earlier
Fusion 4.1.1 and earlier
ESXi 5.0 without patch ESXi500-201203102-SG
ESXi 4.1 without patch ESXi410-201201402-BG
ESXi 4.0 without patch ESXi400-201203402-BG
ESXi 3.5 without patch ESXe350-201203402-T-BG
ESX 4.1 without patch ESX410-201201401-SG
ESX 4.0 without patch ESX400-201203401-SG
ESX 3.5 without patch ESX350-201203402-BG
Problem Description
a. VMware Tools Incorrect Folder Permissions Privilege Escalation
The access control list of the VMware Tools folder is incorrectly set.
Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems.
Solution
Apply the missing patch(es).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1518 -
CVSS Base Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- VMSA-2012-0011 VMware Workstation, Player, Fusion, ESXi and ESX patches address security issues.
- VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
- VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX
- VMSA-2015-0001: VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues
- VMSA-2012-0006 VMware ESXi and ESX address several security issues