#VU6616 Untrusted search path in VMware Workstation - CVE-2017-4915
Published: May 22, 2017 / Updated: June 17, 2021
Vulnerability identifier: #VU6616
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear
CVE-ID: CVE-2017-4915
CWE-ID: CWE-426
Exploitation vector: Local access
Exploit availability:
Public exploit is available
Vulnerable software:
VMware Workstation
VMware Workstation
Software vendor:
VMware, Inc
VMware, Inc
Description
The vulnerability allows a local attacker to gain root privileges on a Linux host machine.
The weakness exists due to untrusted search path. A local attacker who is able to change configuration can load library via ALSA sound driver configuration files, gain elevated privileges and execute arbitrary code on the system.
Successful exploitation of the vulnerability may result in full system compromise.
The weakness exists due to untrusted search path. A local attacker who is able to change configuration can load library via ALSA sound driver configuration files, gain elevated privileges and execute arbitrary code on the system.
Successful exploitation of the vulnerability may result in full system compromise.
Remediation
Update to version 12.5.6.