CVE-2015-6933

The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors.

CVSS v3 6.3 MEDIUM
CVSS v2.0 6.5 MEDIUM

6.3^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploitability : 2.8 / Impact : 3.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securitytracker.com/id/1034603
http://www.securitytracker.com/id/1034604
http://www.vmware.com/security/advisories/VMSA-2016-0001.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:player:7.0:::::::*
	cpe:2.3:a:vmware:player:7.1:::::::*
	cpe:2.3:a:vmware:player:7.1.1:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:vmware:workstation:11.0:::::::*
	cpe:2.3:a:vmware:workstation:11.1:::::::*
	cpe:2.3:a:vmware:workstation:11.1.1:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:vmware:esxi:5.0:::::::*
	cpe:2.3:o:vmware:esxi:5.0:1::::::
	cpe:2.3:o:vmware:esxi:5.0:2::::::
	cpe:2.3:o:vmware:esxi:5.1:::::::*
	cpe:2.3:o:vmware:esxi:5.1:1::::::
	cpe:2.3:o:vmware:esxi:5.5:::::::*
	cpe:2.3:o:vmware:esxi:6.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:vmware:fusion:7.0:::::::*
	cpe:2.3:a:vmware:fusion:7.1:::::::*
	cpe:2.3:a:vmware:fusion:7.1.1:::::::*

History

No history.

Information

Published : 2016-01-09 02:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-6933

Mitre link : CVE-2015-6933

CVE.ORG link : CVE-2015-6933

JSON object : View

Products Affected

vmware

fusion
player
esxi
workstation

CWE

CWE-284

Improper Access Control

{"id": "CVE-2015-6933", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.8}]}, "published": "2016-01-09T02:59:00.127", "references": [{"url": "http://www.securitytracker.com/id/1034603", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id/1034604", "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2016-0001.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors."}, {"lang": "es", "value": "La implementaci\u00f3n VMware Tools HGFS (tambi\u00e9n conocida como Shared Folders) en VMware Workstation 11.x en versiones anteriores a 11.1.2, VMware Player 7.x en versiones anteriores a 7.1.2, VMware Fusion 7.x en versiones anteriores a 7.1.2 y VMware ESXi 5.0 hasta la versi\u00f3n 6.0 permite a usuarios de SO invitado de Windows obtener privilegios de SO invitado o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria del kernel del SO invitado) a trav\u00e9s de vectores no especificados."}], "lastModified": "2016-12-07T18:22:11.523", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:player:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93872771-BD86-4707-926B-F6C3577C33A4"}, {"criteria": "cpe:2.3:a:vmware:player:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B52D8903-B853-43A2-88C3-D79BBA70F8CA"}, {"criteria": "cpe:2.3:a:vmware:player:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78016ED4-AEA7-4E54-8986-E997000CD646"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "492D7AD2-D660-48F5-A9BE-28CCA6A6B658"}, {"criteria": "cpe:2.3:a:vmware:workstation:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90F0250C-EE18-486B-90D7-348FEF01C2D3"}, {"criteria": "cpe:2.3:a:vmware:workstation:11.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E33E15C-62ED-4E24-AB00-0632C8A90C6E"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2331236-2E9B-4B52-81EE-B52DEB41ACE5"}, {"criteria": "cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C5A1C2B-119E-49F3-B8E6-0610EE1C445C"}, {"criteria": "cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF29B5A4-6E4C-4EAE-BC6A-0DD44262EE35"}, {"criteria": "cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7217CBE1-3882-4045-A15C-EE7D4174CA00"}, {"criteria": "cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A405802-D786-46F9-9E29-C727F9FD480A"}, {"criteria": "cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "469D98A5-7B8B-41BE-94C6-D6EF25388007"}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC77ADEA-F0B8-4E5D-B965-39397F823075"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:7.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92275180-52FC-48DE-947C-3AE1B87AF2C0"}, {"criteria": "cpe:2.3:a:vmware:fusion:7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9D5FE8B-7826-4690-952A-1FD98B7B9275"}, {"criteria": "cpe:2.3:a:vmware:fusion:7.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2C9E4C16-838C-4302-A4E7-A79878070519"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}