VMware ESXi Tools Guest OS Privilege Escalation (VMSA-2014-0005)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi host is missing a security-related patch.

Description :

The remote VMware ESXi host is affected by a privilege escalation
vulnerability due to a NULL pointer dereference flaw in VMware Tools
running on Microsoft Windows 8.1. An attacker on an adjacent network
can exploit this issue to gain elevated privileges within the guest
operating system or else cause the guest operating system to crash.

See also :

https://www.vmware.com/security/advisories/VMSA-2014-0005
http://lists.vmware.com/pipermail/security-announce/2014/000247.html

Solution :

Apply the appropriate patch according to the vendor advisory that
pertains to ESXi version 5.0 / 5.1 / 5.5.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:A/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Misc.

Nessus Plugin ID: 87677 ()

Bugtraq ID: 67737

CVE ID: CVE-2014-3793

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now