Vulnerability Name: | CVE-2013-1406 (CCN-81947) |
Assigned: | 2013-02-07 |
Published: | 2013-02-07 |
Updated: | 2017-09-19 |
Summary: | The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors. |
CVSS v3 Severity: | 5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) |
Exploitability Metrics: | Attack Vector (AV): Local; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None |
Scope: | Scope (S): Unchanged |
Impact Metrics: | Confidentiality (C): Low; Integrity (I): Low; Availability (A): Low |
CVSS v2 Severity: | 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C) |
| 5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete |
| 4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P) |
| 3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C) |
Exploitability Metrics: | Access Vector (AV): Local; Access Complexity (AC): Low; Authentication (Au): None |
Impact Metrics: | Confidentiality (C): Partial; Integrity (I): Partial; Availability (A): Partial |
Vulnerability Type: | CWE-20 |
Vulnerability Consequences: | Gain Privileges |
References: | Source: MITRE Type: CNA CVE-2013-1406
Source: CCN Type: SA52131 VMware Multiple Products VMCI Privilege Escalation Vulnerability
Source: CCN Type: BID-57867 Multiple VMware Products CVE-2013-1406 Local Privilege Escalation Vulnerability
Source: CCN Type: VMSA-2013-0002 VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability
Source: CONFIRM Type: Vendor Advisory http://www.vmware.com/security/advisories/VMSA-2013-0002.html
Source: XF Type: UNKNOWN vmware-vmci-priv-esc(81947)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:17164
|
Vulnerable Configuration: | Configuration 1: cpe:/a:vmware:workstation:8.0:*:*:*:*:*:*:* OR cpe:/a:vmware:workstation:8.0.0.18997:*:*:*:*:*:*:* OR cpe:/a:vmware:workstation:8.0.1:*:*:*:*:*:*:* OR cpe:/a:vmware:workstation:8.0.1.27038:*:*:*:*:*:*:* OR cpe:/a:vmware:workstation:8.0.2:*:*:*:*:*:*:* OR cpe:/a:vmware:workstation:8.0.3:*:*:*:*:*:*:* OR cpe:/a:vmware:workstation:8.0.4:*:*:*:*:*:*:* OR cpe:/a:vmware:workstation:9.0:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*
Configuration 2: cpe:/a:vmware:fusion:4.1:*:*:*:*:*:*:* OR cpe:/a:vmware:fusion:4.1.1:*:*:*:*:*:*:* OR cpe:/a:vmware:fusion:4.1.2:*:*:*:*:*:*:* OR cpe:/a:vmware:fusion:4.1.3:*:*:*:*:*:*:* OR cpe:/a:vmware:fusion:5.0:*:*:*:*:*:*:* OR cpe:/a:vmware:fusion:5.0.1:*:*:*:*:*:*:*
Configuration 3: cpe:/a:vmware:view:4.0.0:*:*:*:*:*:*:* OR cpe:/a:vmware:view:4.0.0:u2:*:*:*:*:*:* OR cpe:/a:vmware:view:4.5:*:*:*:*:*:*:* OR cpe:/a:vmware:view:4.6.0:*:*:*:*:*:*:* OR cpe:/a:vmware:view:4.6.1:*:*:*:*:*:*:* OR cpe:/a:vmware:view:5.0:*:*:*:*:*:*:* OR cpe:/a:vmware:view:5.0.0:*:*:*:*:*:*:* OR cpe:/a:vmware:view:5.0.0:u2:*:*:*:*:*:* OR cpe:/a:vmware:view:5.0.1:*:*:*:*:*:*:* OR cpe:/a:vmware:view:5.1.0:*:*:*:*:*:*:* OR cpe:/a:vmware:view:5.1.1:*:*:*:*:*:*:* AND cpe:/o:microsoft:windows:*:*:*:*:*:*:*:*
Configuration 4: cpe:/o:vmware:esxi:4.0:*:*:*:*:*:*:* OR cpe:/o:vmware:esxi:4.0:1:*:*:*:*:*:* OR cpe:/o:vmware:esxi:4.0:2:*:*:*:*:*:* OR cpe:/o:vmware:esxi:4.0:3:*:*:*:*:*:* OR cpe:/o:vmware:esxi:4.0:4:*:*:*:*:*:* OR cpe:/o:vmware:esxi:4.1:*:*:*:*:*:*:* OR cpe:/o:vmware:esxi:4.1:1:*:*:*:*:*:* OR cpe:/o:vmware:esxi:4.1:2:*:*:*:*:*:* OR cpe:/o:vmware:esxi:5.0:*:*:*:*:*:*:* OR cpe:/o:vmware:esxi:5.0:1:*:*:*:*:*:* OR cpe:/o:vmware:esxi:5.0:2:*:*:*:*:*:* OR cpe:/o:vmware:esxi:5.1:*:*:*:*:*:*:*
Configuration 5: cpe:/o:vmware:esx:4.0:*:*:*:*:*:*:* OR cpe:/o:vmware:esx:4.1:*:*:*:*:*:*:*
Configuration CCN 1: cpe:/a:vmware:esx_server:4.0:*:*:*:*:*:*:* OR cpe:/a:vmware:esxi:4.0:*:*:*:*:*:*:* OR cpe:/a:vmware:esxi:4.1:*:*:*:*:*:*:* OR cpe:/a:vmware:view:4.0.0:*:*:*:*:*:*:* OR cpe:/o:vmware:esxi:5.0:*:*:*:*:*:*:* OR cpe:/a:vmware:fusion:4.0:*:*:*:*:*:*:* OR cpe:/a:vmware:fusion:4.1:*:*:*:*:*:*:* OR cpe:/a:vmware:workstation:8.0:*:*:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
Definition ID | Class | Title | Last Modified |
---|---|---|---|
oval:org.mitre.oval:def:20352 | V | VMware ESX, Workstation, Fusion, and View VMCI privilege escalation vulnerability | 2014-01-20 |
oval:org.mitre.oval:def:17164 | V | VMware Workstation, View address a vulnerability in the VMCI.SYS driver which could result in a privilege escalation on Windows-based hosts and on Windows-based Guest Operating Systems | 2013-07-29 |