CVE-2014-8370
First published: Thu Jan 29 2015(Updated: )
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Player | =6.0 | |
| VMware Player | =6.0.1 | |
| VMware Player | =6.0.2 | |
| VMware Player | =6.0.3 | |
| VMware Player | =6.0.4 | |
| VMware Fusion Pro | =6.0 | |
| VMware Fusion Pro | =6.0.1 | |
| VMware Fusion Pro | =6.0.2 | |
| VMware Fusion Pro | =6.0.3 | |
| VMware Fusion Pro | =6.0.4 | |
| VMware Workstation | =10.0 | |
| VMware Workstation | =10.0.1 | |
| VMware Workstation | =10.0.2 | |
| VMware Workstation | =10.0.3 | |
| VMware Workstation | =10.0.4 | |
| VMware ESXi | =5.0 | |
| VMware ESXi | =5.0-1 | |
| VMware ESXi | =5.0-2 | |
| VMware ESXi | =5.1 | |
| VMware ESXi | =5.1-1 | |
| VMware ESXi | =5.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://jvn.jp/en/jp/JVN88252465/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007
- http://secunia.com/advisories/62551
- http://secunia.com/advisories/62605
- http://secunia.com/advisories/62669
- http://www.securityfocus.com/bid/72338
- http://www.securitytracker.com/id/1031642
- http://www.securitytracker.com/id/1031643
- http://www.vmware.com/security/advisories/VMSA-2015-0001.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100933
Frequently Asked Questions
What is the severity of CVE-2014-8370?
CVE-2014-8370 is considered a high severity vulnerability allowing host OS users to gain privileges or cause a denial of service.
How do I fix CVE-2014-8370?
To fix CVE-2014-8370, upgrade to the patched versions of VMware Workstation, Fusion, Player, or ESXi as specified in VMware's advisory.
What software is affected by CVE-2014-8370?
CVE-2014-8370 affects VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi versions 5.0 through 5.5.
Can CVE-2014-8370 lead to data breach?
Yes, CVE-2014-8370 can potentially lead to data breaches due to unauthorized host OS privilege escalation.
Is there a workaround for CVE-2014-8370?
There are no specific workarounds for CVE-2014-8370; upgrading to the latest version is the recommended remediation.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/author
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/vmware
- canonical/vmware player
- version/vmware player/6.0
- version/vmware player/6.0.1
- version/vmware player/6.0.2
- version/vmware player/6.0.3
- version/vmware player/6.0.4
- canonical/vmware fusion pro
- version/vmware fusion pro/6.0
- version/vmware fusion pro/6.0.1
- version/vmware fusion pro/6.0.2
- version/vmware fusion pro/6.0.3
- version/vmware fusion pro/6.0.4
- canonical/vmware workstation
- version/vmware workstation/10.0
- version/vmware workstation/10.0.1
- version/vmware workstation/10.0.2
- version/vmware workstation/10.0.3
- version/vmware workstation/10.0.4
- canonical/vmware esxi
- version/vmware esxi/5.0
- version/vmware esxi/5.0-1
- version/vmware esxi/5.0-2
- version/vmware esxi/5.1
- version/vmware esxi/5.1-1
- version/vmware esxi/5.5