VMware Studio 2.x < 2.1 Multiple Vulnerabilities

medium Nessus Plugin ID 52013

Synopsis

The remote VMware host is missing one or more security-related patches.

Description

The version of VMware Studio installed on the remote host is 2.x prior to 2.1. It is, therefore, potentially affected by multiple vulnerabilities :

- An authenticated code execution vulnerability exists in the Virtual Appliance Management Infrastructure.
(CVE-2010-2667)

- A local privilege escalation vulnerability exists.
(CVE-2010-2427)

Solution

Upgrade to VMware Studio 2.1.0 or later.

See Also

http://www.vmware.com/security/advisories/VMSA-2010-0011.html

http://lists.vmware.com/pipermail/security-announce/2010/000101.html

Plugin Details

Severity: Medium

ID: 52013

File Name: vmware_VMSA-2010-0011.nasl

Version: 1.14

Type: local

Family: Misc.

Published: 10/23/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.4

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:vmware:studio

Required KB Items: Host/VMware Studio/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 7/13/2010

Vulnerability Publication Date: 7/13/2010

Reference Information

CVE: CVE-2010-2427, CVE-2010-2667

BID: 41566, 41568

VMSA: 2010-0011