漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Improper authorisation vulnerability
Vulnerability Description
VMware Tools for Windows contains an improper authorisation vulnerability due to the way it handles user access controls. A malicious actor with non-administrative privileges on a guest VM, who is already authenticated through vCenter or ESX may exploit this issue to access other guest VMs. Successful exploitation requires knowledge of credentials of the targeted VMs and vCenter or ESX.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Vulnerability Type
授权机制不正确
Vulnerability Title
VMware Tools for Windows 安全漏洞
Vulnerability Description
VMware Tools for Windows是美国威睿(VMware)公司的一套基于Windows平台的、VMWare虚拟机自带的增强工具,它是VMware提供的用于增强虚拟显卡和硬盘性能、以及同步虚拟机与主机时钟的驱动程序。 VMware Tools for Windows存在安全漏洞,该漏洞源于用户访问控制处理不当,可能导致已通过vCenter或ESX认证的恶意攻击者访问其他客户虚拟机。
CVSS Information
N/A
Vulnerability Type
N/A