CVE-2024-38811

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.
Configurations

Configuration 1 (hide)

cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*

History

17 Sep 2024, 13:33

Type Values Removed Values Added
References () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939 - () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939 - Vendor Advisory
First Time Vmware fusion
Vmware
CPE cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.8
CWE NVD-CWE-noinfo
Summary
  • (es) VMware Fusion (13.x anterior a 13.6) contiene una vulnerabilidad de ejecución de código debido al uso de una variable de entorno insegura. Un actor malintencionado con privilegios de usuario estándar puede aprovechar esta vulnerabilidad para ejecutar código en el contexto de la aplicación Fusion.

03 Sep 2024, 10:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-03 10:15

Updated : 2024-09-17 13:33


NVD link : CVE-2024-38811

Mitre link : CVE-2024-38811

CVE.ORG link : CVE-2024-38811


JSON object : View

Products Affected

vmware

  • fusion
CWE
NVD-CWE-noinfo CWE-20

Improper Input Validation