CVE-2008-1392

{"id": "CVE-2008-1392", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-20T00:44:00.000", "references": [{"url": "http://lists.vmware.com/pipermail/security-announce/2008/000008.html", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-201209-25.xml", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/3755", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/489739/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/28276", "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2008-0005.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/player2/doc/releasenotes_player2.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41551", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}]}], "descriptions": [{"lang": "en", "value": "The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto de VMware Workstation 6.0.2, VMware Player versiones 2.0.x anteriores a 2.0.3, y VMware ACE versiones 2.0.x anteriores a 2.0.1 permite el acceso a la consola del sistema operativo cliente mediante llamadas an\u00f3nimas a la interfaz de programaci\u00f3n de aplicaciones VIX, teniendo un impacto y vectores de ataque desconocidos."}], "lastModified": "2018-10-11T20:33:16.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9191386-10C0-48A2-B70C-6A047347B5A1", "versionEndIncluding": "2.0"}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "389DA24B-6865-428D-8630-837A0D589891", "versionEndIncluding": "2.0.2"}, {"criteria": "cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DFFE01E-BD0A-432E-B47C-D68DAADDD075"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}