CVE-2015-5191

6.7MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Tools
Vendor: CVE Published:; 28 July 2017

Summary

VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privilege escalation. CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Version(s)

VMware Tools VMware Tools prior to 10.0.9

References

http://www.securityfocus.com/bid/100011

vdb-entryx_refsource_BID

https://www.vmware.com/security/advisories/VMSA-2017-0013...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1039013

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jul 28, 2017
Vulnerability Reserved
Jul 1, 2015

.