CVE-2015-1044

LOW
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of service via unspecified vectors.

References

http://secunia.com/advisories/62551

http://secunia.com/advisories/62569

http://secunia.com/advisories/62669

http://www.securityfocus.com/bid/72336

http://www.securitytracker.com/id/1031645

http://www.securitytracker.com/id/1031646

http://www.vmware.com/security/advisories/VMSA-2015-0001.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/100935

Details

Source: MITRE

Published: 2015-01-29

Updated: 2017-09-08

Risk Information

CVSS v2

Base Score: 3.3

Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.5

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:10.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:10.0.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:10.0.4:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:5.0:1:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:5.0:2:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:5.1:*:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:5.1:1:*:*:*:*:*:*

cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:player:6.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:player:6.0.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:player:6.0.4:*:*:*:*:*:*:*

Tenable Plugins

View all (7 total)

IDNameProductFamilySeverity
81187VMware Workstation 10.x < 10.0.5 Multiple Vulnerabilities (VMSA-2015-0001 / VMSA-2015-0004) (Windows)NessusWindows
medium
81186VMware Workstation 10.x < 10.0.5 Multiple Vulnerabilities (VMSA-2015-0001) (Linux)NessusGeneral
critical
81185VMware Player 6.x < 6.0.5 Multiple Vulnerabilities (VMSA-2015-0001) (Windows)NessusWindows
medium
81184VMware Player 6.x < 6.0.5 Multiple Vulnerabilities (VMSA-2015-0001) (Linux)NessusGeneral
medium
81085ESXi 5.5 < Build 2352327 Multiple Vulnerabilities (remote check) (POODLE)NessusMisc.
medium
81084ESXi 5.1 < Build 1743201 Multiple Vulnerabilities (remote check)NessusMisc.
medium
81079VMSA-2015-0001 : VMware vCenter Server, ESXi, Workstation, Player, and Fusion updates address security issues (POODLE)NessusVMware ESX Local Security Checks
low