VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.
Metrics
Affected Vendors & Products
References
History
Tue, 17 Sep 2024 14:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo |
Tue, 03 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Vmware
Vmware fusion |
|
CPEs | cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:* | |
Vendors & Products |
Vmware
Vmware fusion |
|
Metrics |
ssvc
|
Tue, 03 Sep 2024 10:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application. | |
Title | Code-execution vulnerability | |
Weaknesses | CWE-20 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2024-09-03T09:47:28.120Z
Updated: 2024-09-05T15:36:52.319Z
Reserved: 2024-06-19T22:31:57.187Z
Link: CVE-2024-38811
Vulnrichment
Updated: 2024-09-03T13:43:59.099Z
NVD
Status : Analyzed
Published: 2024-09-03T10:15:05.477
Modified: 2024-09-17T13:33:32.957
Link: CVE-2024-38811
Redhat
No data.