CVE-2014-4199 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.3 UNKNOWN	LOCAL	MEDIUM		AV:L/AC:M/Au:N/C:N/I:C/A:C
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 8%

Vendor	Product	Version
vmware	tools	*
vmware	vm-support	0.88
vmware	workstation	𝑥 ≤ 10.0.3
vmware	workstation	10.0
vmware	workstation	10.0.1
vmware	workstation	10.0.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

open-vm-tools

bullseye (security)	2:11.2.5-2+deb11u3 fixed
bullseye	2:11.2.5-2+deb11u3 fixed
squeeze	no-dsa
wheezy	no-dsa
bookworm	2:12.2.0-1+deb12u2 fixed
bookworm (security)	2:12.2.0-1+deb12u2 fixed
sid	2:12.4.5-1 fixed
trixie	2:12.4.5-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

open-vm-tools

noble	not-affected
mantic	not-affected
lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
bionic	not-affected
xenial	not-affected
trusty	needed

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://seclists.org/fulldisclosure/2014/Aug/71

http://www.osvdb.org/110458

http://www.securitytracker.com/id/1030758

https://exchange.xforce.ibmcloud.com/vulnerabilities/95493

http://seclists.org/fulldisclosure/2014/Aug/71

http://www.osvdb.org/110458

http://www.securitytracker.com/id/1030758

https://exchange.xforce.ibmcloud.com/vulnerabilities/95493