VMware vulnerability in NAT networking

Credit: Tim Shelton
Risk: Medium
Local: Yes
Remote: No
CWE: CWE-119

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 VULNERABILITY SUMMARY A vulnerability has been discovered in vmnat.exe on Windows hosts and vmnet-natd on Linux systems. The vulnerability makes it possible for a malicious guest using a NAT networking configuration to execute unwanted code on the host machine. AFFECTED SYSTEMS: VMware Workstation, VMware GSX Server, VMware ACE, and VMware Player. RESOLUTION: VMware believes that the vulnerability is very serious, and recommends that affected users update their products to the new releases or change the configuration of the virtual machine so it does not use NAT networking. The new releases are now available for download at www.vmware.com/download If you choose not to update your product but want to ensure that the NAT service is not available, you can disable it completely on VMware Workstation or VMware GSX Server by following the instructions in the Knowledge Base article (Answer ID 2002) at http://www.vmware.com/support/kb. VMware thanks Tim Shelton of ACS Security Assessment Engineering, Affiliated Computer Services, Inc., for reporting this vulnerability. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQFDpz6bLsZLrftG15MRAkZFAKDi0bKef1EY0jsRPGjHgqNgegU6FQCdFJUZ 8IsO2kOVTmwHSMbAGSRN1qw= =nmuM

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023, cxsecurity.com


Back to Top