cvelistv5 - cve-2014-3793

cve-2014-3793

Vulnerability from cvelistv5

Published

2014-05-31 10:00

Modified

2024-08-06 10:57

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html
	cve@mitre.org	http://secunia.com/advisories/58894
	cve@mitre.org	http://www.securityfocus.com/archive/1/532236/100/0/threaded
	cve@mitre.org	http://www.securitytracker.com/id/1030310
	cve@mitre.org	http://www.securitytracker.com/id/1030311
	cve@mitre.org	http://www.vmware.com/security/advisories/VMSA-2014-0005.html

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:57:17.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0005.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html"
          },
          {
            "name": "1030310",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030310"
          },
          {
            "name": "1030311",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030311"
          },
          {
            "name": "20140530 NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/532236/100/0/threaded"
          },
          {
            "name": "58894",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/58894"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2014-0005.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html"
        },
        {
          "name": "1030310",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030310"
        },
        {
          "name": "1030311",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030311"
        },
        {
          "name": "20140530 NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/532236/100/0/threaded"
        },
        {
          "name": "58894",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/58894"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3793",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0005.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0005.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html"
            },
            {
              "name": "1030310",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030310"
            },
            {
              "name": "1030311",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030311"
            },
            {
              "name": "20140530 NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/532236/100/0/threaded"
            },
            {
              "name": "58894",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/58894"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-3793",
    "datePublished": "2014-05-31T10:00:00",
    "dateReserved": "2014-05-20T00:00:00",
    "dateUpdated": "2024-08-06T10:57:17.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3793\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-05-31T11:17:13.560\",\"lastModified\":\"2018-10-09T19:47:30.017\",\"vulnStatus\":\"Modified\",\"evaluatorComment\":\"Per http://cwe.mitre.org/data/definitions/476.html\\n\\\"CWE-476: NULL Pointer Dereference\\\"\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"VMware Tools en VMware Workstation 10.x anterior a 10.0.2, VMware Player 6.x anterior a 6.0.2, VMware Fusion 6.x anterior a 6.0.3 y VMware ESXi 5.0 hasta 5.5, cuando un sistema operativo invitado de Windows 8.1 est\u00e1 utilizado, permite a usuarios del sistema operativo invitado ganar privilegios del sistema operativo invitado o causar una denegaci\u00f3n de servicio (referencia a puntero nulo de kernel y ca\u00edda del sistema operativo invitado) a trav\u00e9s de vectores no especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4BF84FD-2666-48F4-AEA6-4F2B30AF95BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"184E7883-BBAD-4687-881A-69F0A5341ACA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D2CFDBFB-3776-4615-AF3B-FCBD6840A95F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BBDD49B-0083-4743-B4F8-6214FE8F4822\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BEBFD3AF-D8A3-4599-AF42-B47C0A62AA39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D0119B9-916C-4A98-8542-10FFC4F71C80\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35CA413B-AB24-4884-A052-2A30A0CA4E7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2331236-2E9B-4B52-81EE-B52DEB41ACE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C5A1C2B-119E-49F3-B8E6-0610EE1C445C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF29B5A4-6E4C-4EAE-BC6A-0DD44262EE35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7217CBE1-3882-4045-A15C-EE7D4174CA00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A405802-D786-46F9-9E29-C727F9FD480A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"469D98A5-7B8B-41BE-94C6-D6EF25388007\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/58894\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/532236/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1030310\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id/1030311\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2014-0005.html\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Multiple VMware products are prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on the guest operating system. The following products are affected: VMware Workstation 10.x prior to version 10.0.2 VMware Player 6.x prior to version 6.0.2 VMware Fusion 6.x prior to version 6.0.3 ESXi 5.5 without patch ESXi550-201403102-SG ESXi 5.1 without patch ESXi510-201404102-SG ESXi 5.0 without patch ESXi500-201405102-SG. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

VMware Security Advisory

Advisory ID: VMSA-2014-0005 Synopsis: VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation Issue date: 2014-05-29 Updated on: 2014-05-29 (initial advisory) CVE numbers: CVE-2014-3793

Problem Description

  VMware would like to thank Tavis Ormandy from the Google Security
  Team for reporting this issue to us. This means that host
  memory can not be manipulated from the Guest Operating System.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the name CVE-2014-3793 to this issue.

  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is
  available.

  ** Workstation 9.x, Player 5.x and Fusion 5.x do not support
  Windows 8.1 Guest Operating Systems

Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3793

Change Log

2014-05-29 VMSA-2014-0005 Initial security advisory in conjunction with the release of ESXi 5.0 patches on 2014-05-29

Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8

wj8DBQFTiAIMDEcm8Vbi9kMRAgJiAKCI3namsqifeWwPKML6Gk2u+206PgCg2BFN Ik+PbexzXJiOjs0MAzONaw4= =nKGT -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0538",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 2.7,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 2.1,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "6.0.1"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "10.0.1"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "6.0"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vmware",
        "version": "10.0"
      },
      {
        "model": "workstation",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "10.x"
      },
      {
        "model": "fusion",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "fusion",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "6.x"
      },
      {
        "model": "player",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "10.0.2"
      },
      {
        "model": "player",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vmware",
        "version": "6.x"
      },
      {
        "model": "esxi esxi500-20131010",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.01"
      },
      {
        "model": "workstation mp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "10.0"
      },
      {
        "model": "workstation build-1379776",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "10.0.1"
      },
      {
        "model": "esxi update",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.01"
      },
      {
        "model": "esxi esxi510-20131010",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "player",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.2"
      },
      {
        "model": "esxi esxi550-20140310",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      },
      {
        "model": "esxi esxi500-2014051",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.0"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.02"
      },
      {
        "model": "esxi esxi510-20140410",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "workstation",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "10.0.2"
      },
      {
        "model": "fusion",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "6.0.3"
      },
      {
        "model": "esxi esxi510-20140110",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.1"
      },
      {
        "model": "esxi",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.11"
      },
      {
        "model": "esxi esxi550-20131210",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vmware",
        "version": "5.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-590"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3793"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3793"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Tavis Ormandy from the Google Security Team",
    "sources": [
      {
        "db": "BID",
        "id": "67737"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-3793",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-3793",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-3793",
            "trust": 1.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201405-590",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-590"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3793"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors. Supplementary information : CWE Vulnerability type by CWE-476: NULL Pointer Dereference (NULL Pointer dereference ) Has been identified. Multiple VMware products are prone to a local privilege-escalation vulnerability. \nLocal attackers can exploit this issue to gain elevated privileges on the guest operating system. \nThe following products are affected:\nVMware Workstation 10.x prior to version 10.0.2\nVMware Player 6.x prior to version 6.0.2\nVMware Fusion 6.x prior to version 6.0.3\nESXi 5.5 without patch ESXi550-201403102-SG\nESXi 5.1 without patch ESXi510-201404102-SG\nESXi 5.0 without patch ESXi500-201405102-SG. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- -------------------------------------------------------------------------\nVMware Security Advisory\n\nAdvisory ID: VMSA-2014-0005\nSynopsis: VMware Workstation, Player, Fusion, and ESXi patches address\na guest privilege escalation\nIssue date:  2014-05-29\nUpdated on:  2014-05-29 (initial advisory)\nCVE numbers: CVE-2014-3793\n- -------------------------------------------------------------------------\n\n1. \n\n2. Problem Description\n\n   a. \n\n      VMware would like to thank Tavis Ormandy from the Google Security\n      Team for reporting this issue to us. This means that host\n      memory can not be manipulated from the Guest Operating System. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the name CVE-2014-3793 to this issue. \n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is\n      available. \n\n      ** Workstation 9.x, Player 5.x and Fusion 5.x do not support\n      Windows 8.1 Guest Operating Systems\n\n4. Solution\n\n   Please review the patch/release notes for your product and version\n   and verify the checksum of your downloaded file. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3793\n\n- -------------------------------------------------------------------------\n\n6. Change Log\n\n   2014-05-29 VMSA-2014-0005\n   Initial security advisory in conjunction with the release of\n   ESXi 5.0 patches on 2014-05-29\n\n- -------------------------------------------------------------------------\n \n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n   * security-announce at lists.vmware.com\n   * bugtraq at securityfocus.com\n   * fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2014 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.2 (Build 15337)\nCharset: utf-8\n\nwj8DBQFTiAIMDEcm8Vbi9kMRAgJiAKCI3namsqifeWwPKML6Gk2u+206PgCg2BFN\nIk+PbexzXJiOjs0MAzONaw4=\n=nKGT\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-3793"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      },
      {
        "db": "BID",
        "id": "67737"
      },
      {
        "db": "PACKETSTORM",
        "id": "126869"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-3793",
        "trust": 2.8
      },
      {
        "db": "PACKETSTORM",
        "id": "126869",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "58894",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1030311",
        "trust": 1.0
      },
      {
        "db": "SECTRACK",
        "id": "1030310",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-590",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "67737",
        "trust": 0.3
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      },
      {
        "db": "PACKETSTORM",
        "id": "126869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-590"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3793"
      }
    ]
  },
  "id": "VAR-201405-0538",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.5
  },
  "last_update_date": "2022-05-04T09:12:23.053000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "VMSA-2014-0005",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0005.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-Other",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3793"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.9,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1030310"
      },
      {
        "trust": 1.0,
        "url": "http://secunia.com/advisories/58894"
      },
      {
        "trust": 1.0,
        "url": "http://www.securitytracker.com/id/1030311"
      },
      {
        "trust": 1.0,
        "url": "http://packetstormsecurity.com/files/126869/vmware-security-advisory-2014-0005.html"
      },
      {
        "trust": 1.0,
        "url": "http://www.securityfocus.com/archive/1/532236/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3793"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3793"
      },
      {
        "trust": 0.3,
        "url": "http://www.vmware.com"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadfusion"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3793"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2075521"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2065832"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadworkstation"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2070666"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/downloadplayer"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      },
      {
        "db": "PACKETSTORM",
        "id": "126869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-590"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3793"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "67737"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      },
      {
        "db": "PACKETSTORM",
        "id": "126869"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-590"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-3793"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-29T00:00:00",
        "db": "BID",
        "id": "67737"
      },
      {
        "date": "2014-06-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      },
      {
        "date": "2014-05-31T00:00:43",
        "db": "PACKETSTORM",
        "id": "126869"
      },
      {
        "date": "2014-05-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-590"
      },
      {
        "date": "2014-05-31T11:17:00",
        "db": "NVD",
        "id": "CVE-2014-3793"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-29T00:00:00",
        "db": "BID",
        "id": "67737"
      },
      {
        "date": "2014-06-16T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      },
      {
        "date": "2014-06-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-590"
      },
      {
        "date": "2018-10-09T19:47:00",
        "db": "NVD",
        "id": "CVE-2014-3793"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-590"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  VMware Product  VMware Tools Guest in  OS Vulnerabilities that have been granted permission",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002691"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-590"
      }
    ],
    "trust": 0.6
  }
}

gsd-2014-3793

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-3793

Aliases

CVE-2014-3793

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-3793",
    "description": "VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.",
    "id": "GSD-2014-3793"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-3793"
      ],
      "details": "VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.",
      "id": "GSD-2014-3793",
      "modified": "2023-12-13T01:22:53.637975Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-3793",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.vmware.com/security/advisories/VMSA-2014-0005.html",
            "refsource": "CONFIRM",
            "url": "http://www.vmware.com/security/advisories/VMSA-2014-0005.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html"
          },
          {
            "name": "1030310",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030310"
          },
          {
            "name": "1030311",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1030311"
          },
          {
            "name": "20140530 NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/532236/100/0/threaded"
          },
          {
            "name": "58894",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/58894"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-3793"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2014-0005.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.vmware.com/security/advisories/VMSA-2014-0005.html"
            },
            {
              "name": "1030310",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030310"
            },
            {
              "name": "58894",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/58894"
            },
            {
              "name": "1030311",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1030311"
            },
            {
              "name": "http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html"
            },
            {
              "name": "20140530 NEW VMSA-2014-0005 - VMware Workstation, Player, Fusion, and ESXi patches address a guest privilege escalation",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/532236/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": true,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:47Z",
      "publishedDate": "2014-05-31T11:17Z"
    }
  }
}

ghsa-75q2-28c3-jc72

Vulnerability from github

Published

2022-05-14 02:52

Modified

2022-05-14 02:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-3793"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-05-31T11:17:00Z",
    "severity": "MODERATE"
  },
  "details": "VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows guest OS users to gain guest OS privileges or cause a denial of service (kernel NULL pointer dereference and guest OS crash) via unspecified vectors.",
  "id": "GHSA-75q2-28c3-jc72",
  "modified": "2022-05-14T02:52:37Z",
  "published": "2022-05-14T02:52:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3793"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/126869/VMware-Security-Advisory-2014-0005.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/58894"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/532236/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030310"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1030311"
    },
    {
      "type": "WEB",
      "url": "http://www.vmware.com/security/advisories/VMSA-2014-0005.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2014-3793

Vulnerability from cvelistv5

var-201405-0538

Vulnerability from variot

gsd-2014-3793

Vulnerability from gsd

ghsa-75q2-28c3-jc72

Vulnerability from github

Tags

Sightings

Nomenclature