VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:N/I:P/A:N
Vendors Products
Vmware
  • Workstation
  • Fusion
Apple
  • Mac Os X

Configuration 1 [-]

OR cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:12.5.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:14.0:*:*:*:*:*:*:*

Configuration 2 [-]

AND
OR cpe:2.3:a:vmware:fusion:8.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.9:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.10:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.1:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
References
Link Resource
http://www.securityfocus.com/bid/102441 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040109 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040136 Third Party Advisory VDB Entry
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html Patch Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2018-01-04T00:00:00

Updated: 2018-01-13T10:57:01

Reserved: 2016-12-26T00:00:00

Link: CVE-2017-4945

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-01-05T14:29:10.467

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-4945

JSON object: View

cve-icon Redhat Information

No data.

CWE