Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv2

CVE-2017-4915

Published: 22/05/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 730
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Vmware

Vulnerability Summary

VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware workstation_player 12.0.0

vmware workstation_pro 12.0.0

Exploits

Exploit DB: VMWare Workstation On Linux Privilege Escalation
This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain root privileges The issue is that, for VMs with audio, the privileged VM host process loads libasound, which parses ALSA configuration files, including one at ~/asoundrc libasound is not designed to run in a setuid context and deli ...
Exploit DB: VMware Workstation/Player < 12.5.5 - Local Privilege Escalation
#!/bin/bash ################################################################################ # VMware Workstation Local Privilege Escalation exploit (CVE-2017-4915) # # - wwwvmwarecom/security/advisories/VMSA-2017-0009html # # - wwwexploit-dbcom/exploits/42045/ # # ...
Exploit DB: VMware Workstation for Linux 12.5.2 build-4638234 - ALSA Configuration Host Local Privilege Escalation
/* Source: bugschromiumorg/p/project-zero/issues/detail?id=1142 This vulnerability permits an unprivileged user on a Linux machine on which VMWare Workstation is installed to gain root privileges The issue is that, for VMs with audio, the privileged VM host process loads libasound, which parses ALSA configuration files, including one a ...

References

CWE-863https://www.vmware.com/security/advisories/VMSA-2017-0009.htmlhttp://www.securityfocus.com/bid/98566http://www.securitytracker.com/id/1038525https://www.exploit-db.com/exploits/42045/https://nvd.nist.govhttps://packetstormsecurity.com/files/142625/VMWare-Workstation-On-Linux-Privilege-Escalation.htmlhttps://www.exploit-db.com/exploits/47171
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21987buffer overflowCVE-2024-28890CVE-2024-27574CVE-2024-27347CVE-2024-31450privilegeSSTICVE-2024-31666
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook