Detections
Analytics
VMware Fusion 4.x < 4.1.2 (VMSA-2012-0007)
high Nessus Plugin ID 58792
Language:
Synopsis
The remote host has a virtualization application affected by a local privilege escalation vulnerability.Description
The version of VMware Fusion 4.x installed on the Mac OS X host is earlier than 4.1.2. As such, it is reportedly affected by a local privilege escalation vulnerability because the access control list of the VMware Tools folder is incorrectly set.By exploiting this issue, a local attacker could elevate his privileges on Windows-based Guest Operating Systems.
Solution
Upgrade to VMware Fusion 4.1.2 or later.In addition to patching, VMware Tools must be updated on all Windows guest VMs in order to completely mitigate the vulnerability.
See Also
http://www.vmware.com/security/advisories/VMSA-2012-0007.html
http://lists.vmware.com/pipermail/security-announce/2012/000172.html
Plugin Details
Severity: High
ID: 58792
File Name: macosx_fusion_4_1_2.nasl
Version: 1.8
Type: local
Agent: macosx
Family: MacOS X Local Security Checks
Published: 4/19/2012
Updated: 7/14/2018
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.5
CVSS v2
Risk Factor: High
Base Score: 7.2
Temporal Score: 6
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:vmware:fusion
Required KB Items: Host/local_checks_enabled, MacOSX/Fusion/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 4/12/2012
Vulnerability Publication Date: 4/12/2012
Exploitable With
CANVAS (White_Phosphorus)
Reference Information
CVE: CVE-2012-1518
BID: 53006
VMSA: 2012-0007