CVE-2017-4945

Summary

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.

Affected Software

VendorProductVersion RangeStatus
VMwareWorkstation14.xaffected
VMwareWorkstation12.xaffected
VMwareFusion10.xaffected
VMwareFusion8.xaffected

Weaknesses

  • Guest access control vulnerability

ADP Enrichment

CVE Program Container

Additional References

References