Summary
The remote ESXi is missing one or more security related Updates from VMSA-2012-0007.
Summary
VMware hosted products and ESXi/ESX patches address privilege escalation.
Relevant releases
Workstation 8.0.1 and earlier
Player 4.0.1 and earlier
Fusion 4.1.1 and earlier
ESXi 5.0 without patch ESXi500-201203102-SG
ESXi 4.1 without patch ESXi410-201201402-BG
ESXi 4.0 without patch ESXi400-201203402-BG
ESXi 3.5 without patch ESXe350-201203402-T-BG
ESX 4.1 without patch ESX410-201201401-SG
ESX 4.0 without patch ESX400-201203401-SG
ESX 3.5 without patch ESX350-201203402-BG
Problem Description
a. VMware Tools Incorrect Folder Permissions Privilege Escalation
The access control list of the VMware Tools folder is incorrectly set.
Exploitation of this issue may lead to local privilege escalation on Windows-based Guest Operating Systems.
Solution
Apply the missing patch(es).
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2012-1518 -
CVSS Base Score: 8.3
AV:A/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- VMSA-2012-0009 VMware Workstation, Player, ESXi and ESX patches address critical security issues
- VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolve multiple security issues
- VMSA-2013-0012 VMware vSphere updates address multiple vulnerabilities
- VMSA-2012-0013 VMware vSphere and vCOps updates to third party libraries.
- VMSA-2010-0018 VMware hosted products and ESX patches resolve multiple security issues