CVE-2012-2450

high

Description

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16852

https://exchange.xforce.ibmcloud.com/vulnerabilities/75377

http://www.vmware.com/security/advisories/VMSA-2012-0009.html

http://www.securitytracker.com/id?1027019

http://www.securityfocus.com/bid/53369

http://secunia.com/advisories/49032

http://osvdb.org/81695

Details

Source: Mitre, NVD

Published: 2012-05-04

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01251