VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.
History

Tue, 17 Sep 2024 14:00:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo

Tue, 03 Sep 2024 14:30:00 +0000

Type Values Removed Values Added
First Time appeared Vmware
Vmware fusion
CPEs cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
Vendors & Products Vmware
Vmware fusion
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 03 Sep 2024 10:00:00 +0000

Type Values Removed Values Added
Description VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.
Title Code-execution vulnerability
Weaknesses CWE-20
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2024-09-03T09:47:28.120Z

Updated: 2024-09-05T15:36:52.319Z

Reserved: 2024-06-19T22:31:57.187Z

Link: CVE-2024-38811

cve-icon Vulnrichment

Updated: 2024-09-03T13:43:59.099Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-03T10:15:05.477

Modified: 2024-09-17T13:33:32.957

Link: CVE-2024-38811

cve-icon Redhat

No data.