Untrusted search path in VMware Workstation - CVE-2017-4915
Published: May 22, 2017 / Updated: June 17, 2021
Vulnerability identifier: #VU6616
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2017-4915
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vendor: VMware, Inc
Affected software:
VMware Workstation
Detailed vulnerability description
The vulnerability allows a local attacker to gain root privileges on a Linux host machine.
The weakness exists due to an untrusted search path. A local attacker who is able to change the configuration can load a library via ALSA sound driver configuration files, gain elevated privileges and execute arbitrary code on the system.
Successful exploitation of the vulnerability may result in full system compromise.
How to mitigate CVE-2017-4915
Update to version 12.5.6.