CVE-2022-31705
https://notcve.org/view.php?id=CVE-2022-31705
VMware ESXi, Workstation, and Fusion contain a heap out-of-bounds write vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed. VMware ESXi, Workstation y Fusion contienen una vulnerabilidad de escritura fuera de los límites en el controlador USB 2.0 (EHCI). Un actor malintencionado con privilegios administrativos locales en una máquina virtual puede aprovechar este problema para ejecutar código como el proceso VMX de la máquina virtual que se ejecuta en el host. • https://www.vmware.com/security/advisories/VMSA-2022-0033.html • CWE-787: Out-of-bounds Write •
CVE-2020-3999 – VMware Workstation SetGuestInfo Null Pointer Dereference Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2020-3999
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition. VMware ESXi (versiones 7.0 anteriores a ESXi70U1c-17325551), VMware Workstation (versiones 16.x anteriores a 16.0 y versiones 15.x anteriores a 15.5.7), VMware Fusion (versiones 12.x anteriores a 12.0 y versiones 11.x anteriores a 11.5.7) y VMware Cloud Foundation contienen una vulnerabilidad de denegación de servicio debido a una comprobación inapropiada de la entrada en GuestInfo. Un actor malicioso con acceso privilegiado de usuario normal para una máquina virtual puede bloquear el proceso vmx de la máquina virtual y causar una condición de denegación de servicio This vulnerability allows local attackers to create a denial-of-service condition on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the SetGuestInfo RPC function. • https://www.vmware.com/security/advisories/VMSA-2020-0029.html • CWE-20: Improper Input Validation •
CVE-2017-5753 – Multiple CPUs - 'Spectre' Information Disclosure
https://notcve.org/view.php?id=CVE-2017-5753
Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. Los sistemas con microprocesadores con ejecución especulativa y predicción de ramas podrían permitir la revelación no autorizada de información al atacante con acceso de usuario local mediante un análisis de un canal lateral. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. • https://www.exploit-db.com/exploits/43427 https://github.com/sachinthaBS/Spectre-Vulnerability-CVE-2017-5753- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html http://nvidia.custhe • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVE-2017-16544 – Nexans FTTO GigaSwitch Outdated Components / Hardcoded Backdoor
https://notcve.org/view.php?id=CVE-2017-16544
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. En la función add_match en libbb/lineedit.c en BusyBox hasta la versión 1.27.2, la característica de autocompletar pestañas del shell, empleada para obtener una lista de nombres de archivo en un directorio, no inmuniza los nombres de archivo. Esto conduce a la ejecución de cualquier secuencia de escape en el terminal. Esto podría resultar en la ejecución de código, escrituras arbitrarias de archivos u otros ataques. • http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html http://seclists.org/fulldisclosure/2019/Jun/18 http://seclists.org/fulldisclosure/2019/Sep/7 http://seclists.org/fulldisclosure/2020/Aug/20 http://seclists.org/fulldisclosure/2020/Mar/15 http://seclists.org/fulldisclosure • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2013-1406 – VMware Virtual Machine Communication Interface (VMCI) - 'vmci.sys'
https://notcve.org/view.php?id=CVE-2013-1406
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors. La implementación en vmci.sys en el Virtual Machine Communication Interface (VMCI) en VMware Workstation v8.x anterior a v8.0.5 y v9.x anterior a v9.0.1 para Windows, VMware Fusion v4.1 anterior a v4.1.4 y 5.0 anterior a v5.0.2, VMware View v4.x anterior a v4.6.2 y v5.x anterior a v5.1.2 para Windows, VMware ESXi v4.0 a la v5.1, y VMware ESX v4.0 y v4.1, no restringe adecuadamente la asignación de memoria por control código, lo que permite a usuarios locales elevar sus privilegios a través de vectores no especificados. • https://www.exploit-db.com/exploits/40164 http://www.vmware.com/security/advisories/VMSA-2013-0002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17164 • CWE-20: Improper Input Validation •