CVE-2010-1138

CVSS V2 Medium 5 CVSS V3 None

Description

The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware Server 2.x, and VMware Fusion 3.0 before 3.0.1 build 232708 and 2.x before 2.0.7 build 246742 allows remote attackers to obtain sensitive information from memory on the host OS by examining received network packets, related to interaction between the guest OS and the host vmware-vmx process.

Overview

CVE ID
CVE-2010-1138

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2010-04-12T18:30:00

Last Modified Date
2013-05-15T03:07:56

Weakness Enumerations

CWE	URL
CWE-200	http://cwe.mitre.org/data/definitions/200.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
		AND
cpe:2.3:a:vmware:workstation:7.0:::::::*	1	OR
		AND
cpe:2.3:a:vmware:workstation:6.5.0:::::::*	1	OR
cpe:2.3:a:vmware:workstation:6.5.1:::::::*	1	OR
cpe:2.3:a:vmware:workstation:6.5.2:::::::*	1	OR
cpe:2.3:a:vmware:workstation:6.5.3:::::::*	1	OR
cpe:2.3:o:microsoft:windows::::::::	0	OR
		AND
cpe:2.3:a:vmware:player:3.0:::::::*	1	OR
		AND
cpe:2.3:a:vmware:player:2.5:::::::*	1	OR
cpe:2.3:a:vmware:player:2.5.1:::::::*	1	OR
cpe:2.3:a:vmware:player:2.5.2:::::::*	1	OR
cpe:2.3:a:vmware:player:2.5.3:::::::*	1	OR
cpe:2.3:o:microsoft:windows::::::::	0	OR
		AND
cpe:2.3:a:vmware:ace:2.5.0:::::::*	1	OR
cpe:2.3:a:vmware:ace:2.5.1:::::::*	1	OR
cpe:2.3:a:vmware:ace:2.5.2:::::::*	1	OR
cpe:2.3:a:vmware:ace:2.5.3:::::::*	1	OR
cpe:2.3:a:vmware:ace:2.6:::::::*	1	OR
		AND
cpe:2.3:a:vmware:server:2.0.0:::::::*	1	OR
cpe:2.3:a:vmware:server:2.0.1:::::::*	1	OR
cpe:2.3:a:vmware:server:2.0.2:::::::*	1	OR
		AND
cpe:2.3:a:vmware:fusion:2.0:::::::*	1	OR
cpe:2.3:a:vmware:fusion:2.0.1:::::::*	1	OR
cpe:2.3:a:vmware:fusion:2.0.2:::::::*	1	OR
cpe:2.3:a:vmware:fusion:2.0.3:::::::*	1	OR
cpe:2.3:a:vmware:fusion:2.0.4:::::::*	1	OR
cpe:2.3:a:vmware:fusion:2.0.5:::::::*	1	OR
cpe:2.3:a:vmware:fusion:2.0.6:::::::*	1	OR
cpe:2.3:a:vmware:fusion:3.0:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector
NETWORK

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
PARTIAL

Integrity Impact
NONE

Availability Impact
NONE

Base Score
5

Severity
MEDIUM

Exploitability Score
10

Impact Score
2.9

References

Reference URL	Reference Tags
http://secunia.com/advisories/39215	Vendor Advisory
http://secunia.com/advisories/39203	Vendor Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://secunia.com/advisories/39206	Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
http://lists.vmware.com/pipermail/security-announce/2010/000090.html	Patch Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0007.html	Patch Vendor Advisory
http://osvdb.org/63607
http://www.securitytracker.com/id?1023836
http://www.securityfocus.com/bid/39395
http://security.gentoo.org/glsa/glsa-201209-25.xml

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2010-1138
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1138

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 10:45:20				Added to TrackCVE