Local Privilege Escalation Vulnerability in VMware Tools by VMware
CVE-2015-5191

6.7MEDIUM

Key Information:

Vendor
Vmware
Status
Vmware Tools
Vendor
CVE Published:
28 July 2017

Summary

VMware Tools versions prior to 10.0.9 are susceptible to multiple file system race conditions in libDeployPkg. These vulnerabilities stem from the use of hard-coded paths under the /tmp directory. Successful exploitation could allow attackers with local access to escalate their privileges, gaining unauthorized access to system resources or sensitive data. It is crucial for users of VMware Tools to upgrade to the latest versions and apply the necessary security patches to mitigate these risks.

Affected Version(s)

VMware Tools VMware Tools prior to 10.0.9

References

http://www.securityfocus.com/bid/100011
vdb-entryx_refsource_BID
https://www.vmware.com/security/advisories/VMSA-2017-0013...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039013
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.