VMware ESX / ESXi Tools Folder Incorrect ACL Privilege Escalation (VMSA-2012-0007) (remote check)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote VMware ESXi / ESX host is missing a security-related patch.

Description :

The remote ESX/ESXi host is missing a security-related patch. It is,
therefore, affected by a privilege escalation vulnerability due to the
use of an incorrect Access Control List (ACL) for the VMware Tools
folder. An adjacent attacker can exploit this to gain elevated
privileges on Windows-based guest operating systems.

See also :

https://www.vmware.com/security/advisories/VMSA-2012-0007.html

Solution :

Apply the appropriate patch according to the vendor advisory.

Risk factor :

High / CVSS Base Score : 8.3
(CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.5
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 89108 ()

Bugtraq ID: 53006

CVE ID: CVE-2012-1518

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now