CVE-2012-2450

CVSS V2 High 9 CVSS V3 None
Description
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
Overview
  • CVE ID
  • CVE-2012-2450
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2012-05-04T16:55:01
  • Last Modified Date
  • 2017-12-14T02:29:03
Weakness Enumerations
CWE URL
NVD-CWE-Other http://cwe.mitre.org/data/definitions/NVD-Other.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:vmware:workstation:8.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:8.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:workstation:8.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:4.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:player:4.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:4.0.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:4.0.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:vmware:fusion:4.1.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:3.5:1:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:4.0:1:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:4.0:2:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:4.0:3:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:4.0:4:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:4.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:4.1:1:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:4.1:2:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esxi:5.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esx:3.5:update1:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esx:3.5:update2:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esx:3.5:update3:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:vmware:esx:4.1:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:S/C:C/I:C/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 9
  • Severity
  • HIGH
  • Exploitability Score
  • 8
  • Impact Score
  • 10
References
Reference URL Reference Tags
http://www.vmware.com/security/advisories/VMSA-2012-0009.html Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16852
http://osvdb.org/81695
https://exchange.xforce.ibmcloud.com/vulnerabilities/75377
http://www.securityfocus.com/bid/53369
http://www.securitytracker.com/id?1027019
http://secunia.com/advisories/49032
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2012-2450
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2450
History
Created Old Value New Value Data Type Notes
2022-05-10 08:09:12 Added to TrackCVE