CVE-2010-4297

CVSS V2 High 7.2 CVSS V3 None
Description
The VMware Tools update functionality in VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548; VMware Player 2.5.x before 2.5.5 build 328052 and 3.1.x before 3.1.2 build 301548; VMware Server 2.0.2; VMware Fusion 2.x before 2.0.8 build 328035 and 3.1.x before 3.1.2 build 332101; VMware ESXi 3.5, 4.0, and 4.1; and VMware ESX 3.0.3, 3.5, 4.0, and 4.1 allows host OS users to gain privileges on the guest OS via unspecified vectors, related to a "command injection" issue.
Overview
  • CVE ID
  • CVE-2010-4297
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2010-12-06T21:05:49
  • Last Modified Date
  • 2018-10-10T20:08:03
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:vmware:workstation:6.5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:6.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:6.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:6.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:6.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:7.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:7.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:7.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:7.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:7.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:2.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:2.5.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:2.5.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:2.5.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:2.5.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:2.5.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:3.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:3.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:2.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:2.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:2.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:2.0.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:2.0.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:2.0.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:2.0.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:2.0.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:2.0.8:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:3.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:3.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:3.1.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:server:2.0.2:*:*:*:*:*:*:* 0 OR
cpe:2.3:a:vmware:esxi:3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:esxi:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:esxi:4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:esx:3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:esx:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:esx:4.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:L/AC:L/Au:N/C:C/I:C/A:C
  • Access Vector
  • LOCAL
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.2
  • Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 10
History
Created Old Value New Value Data Type Notes
2022-05-10 18:30:12 Added to TrackCVE