VMware ESX / ESXi Tools Update Privilege Escalation (VMSA-2010-0018) (remote check)

High Nessus Plugin ID 89744


The remote VMware ESX / ESXi host is missing a security-related patch.


The remote VMware ESX / ESXi host is missing a security-related patch.
It is, therefore, affected by an unspecified flaw in the Tools update functionality due to improper validation of user-supplied input. A local attacker with host operating system access can exploit this flaw to gain root privileges on the guess operating system.


Apply the appropriate patch as referenced in the vendor advisory that pertains to ESX version 3.5 / 4.0 / 4.1 or ESXi version 3.5 / 4.0 / 4.1.

See Also


Plugin Details

Severity: High

ID: 89744

File Name: vmware_VMSA-2010-0018_remote.nasl

Version: $Revision: 1.5 $

Type: remote

Published: 2016/03/08

Modified: 2016/08/16

Dependencies: 57396

Risk Information

Risk Factor: High


Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:vmware:esx, cpe:/o:vmware:esxi

Required KB Items: Host/VMware/version, Host/VMware/release

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/12/02

Vulnerability Publication Date: 2010/12/02

Reference Information

CVE: CVE-2010-4297

BID: 45166

OSVDB: 69590

VMSA: 2010-0018

IAVA: 2010-A-0168