CVE-2012-2450 in Workstationinfo

Summary

by MITRE

VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, VMware Fusion 4.x before 4.1.2, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 do not properly register SCSI devices, which allows guest OS users to cause a denial of service (invalid write operation and VMX process crash) or possibly execute arbitrary code on the host OS by leveraging administrative privileges on the guest OS.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 03/24/2021

This vulnerability affects multiple VMware virtualization products including workstation player fusion and esxi/esx hypervisors. The core issue lies in improper SCSI device registration mechanisms that create security boundaries which can be exploited by malicious actors. When guest operating systems attempt to interact with SCSI devices through the virtualized environment, the hypervisor fails to properly validate device registration states leading to critical system instability. The vulnerability stems from insufficient input validation and state management within the virtual SCSI subsystem that governs how virtual devices communicate with the host operating system.

The technical flaw manifests when guest OS users with administrative privileges attempt to manipulate SCSI device configurations through virtualized storage interfaces. This improper handling results in invalid memory write operations that crash the VMX process responsible for managing virtual machine execution. The vulnerability can be exploited to trigger either denial of service conditions that force system crashes or more severe arbitrary code execution scenarios that allow attackers to escalate privileges and execute malicious code on the host system. The root cause is classified as a buffer overflow or memory corruption issue that occurs during device state transitions within the virtual SCSI layer.

The operational impact of this vulnerability is significant for organizations relying on VMware virtualization platforms. Attackers with limited guest access can potentially cause complete system outages through denial of service attacks that crash virtual machines and associated host processes. More critically, the arbitrary code execution capability allows for privilege escalation attacks that could compromise entire host systems and enable attackers to gain unauthorized access to sensitive data and resources. This vulnerability affects a broad range of VMware products across different operating systems and deployment scenarios, making it particularly dangerous for enterprise environments.

Mitigation strategies should include immediate patching of affected VMware products to version 8.0.3 or later for workstation player and fusion, and appropriate updates for esxi and esx systems. Organizations should implement strict guest OS access controls and privilege management to limit administrative access within virtual machines. Network segmentation and monitoring solutions should be deployed to detect anomalous SCSI device activity that might indicate exploitation attempts. Security teams should also consider disabling unnecessary virtual SCSI devices and implementing regular vulnerability assessments of virtual environments to identify similar registration and state management issues. The vulnerability aligns with CWE-121 and CWE-122 categories related to buffer overflow conditions and improper input validation, and represents a typical attack vector categorized under ATT&CK technique T1059 for command and script execution.

Reservation

05/01/2012

Disclosure

05/04/2012

Moderation

accepted

Entry

VDB-5325

CPE

ready

EPSS

0.02492

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!