Vulnerability Description
VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Workstation | 8.0 |
| Vmware | Player | 4.0 |
| Vmware | Fusion | 4.0 |
| Vmware | Esxi | 3.5 |
| Vmware | Esx | 3.5 |
References
- http://osvdb.org/81695
- http://secunia.com/advisories/49032
- http://www.securityfocus.com/bid/53369
- http://www.securitytracker.com/id?1027019
- http://www.vmware.com/security/advisories/VMSA-2012-0009.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://osvdb.org/81695
- http://secunia.com/advisories/49032
- http://www.securityfocus.com/bid/53369
- http://www.securitytracker.com/id?1027019
- http://www.vmware.com/security/advisories/VMSA-2012-0009.htmlVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75377
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2012-2450?
CVE-2012-2450 is a vulnerability with a CVSS score of 9.0 (HIGH). VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, ...
How severe is CVE-2012-2450?
CVE-2012-2450 has been rated HIGH with a CVSS base score of 9.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2450?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Workstation, Vmware Player, Vmware Fusion, Vmware Esxi, Vmware Esx.