CVE-2016-5330

Published Aug 8, 2016

Last updated 3 years ago

CVSS high 7.8

Overview

Description: Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.4
Impact score: 6.4
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-426

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CB2D70B-0044-42DB-B823-CC7EF5D836E3",
            "versionEndExcluding": "12.1.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F922894-BCAF-4807-8D2F-439578088E6B",
            "versionEndExcluding": "12.1.1",
            "versionStartIncluding": "12.1.0"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5D37AF0-1CE9-413B-B2CD-67ABA217185B",
            "versionEndIncluding": "6.0",
            "versionStartIncluding": "5.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2197947-1CFC-4A5E-ACED-3EABD2BADB80",
            "versionEndExcluding": "8.1.1",
            "versionStartIncluding": "8.1"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2449175-330C-47FE-9AE6-BA7AD91D3DA0",
            "versionEndIncluding": "10.3.22",
            "versionStartIncluding": "9.0.0"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References