CVE-2015-1043 : The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMwa

The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.

Published 2015-01-29 18:59:03

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2015-1043

Vmware » Workstation » Version: 10.0.1
cpe:2.3:a:vmware:workstation:10.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 10.0.2
cpe:2.3:a:vmware:workstation:10.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 10.0
cpe:2.3:a:vmware:workstation:10.0:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 10.0.4
cpe:2.3:a:vmware:workstation:10.0.4:*:*:*:*:*:*:*
Matching versions
Vmware » Workstation » Version: 10.0.3
cpe:2.3:a:vmware:workstation:10.0.3:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 6.0
cpe:2.3:a:vmware:player:6.0:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 6.0.1
cpe:2.3:a:vmware:player:6.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 6.0.3
cpe:2.3:a:vmware:player:6.0.3:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 6.0.4
cpe:2.3:a:vmware:player:6.0.4:*:*:*:*:*:*:*
Matching versions
Vmware » Player » Version: 6.0.2
cpe:2.3:a:vmware:player:6.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 6.0.1
cpe:2.3:a:vmware:fusion:6.0.1:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 6.0.2
cpe:2.3:a:vmware:fusion:6.0.2:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 6.0
cpe:2.3:a:vmware:fusion:6.0:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 6.0.3
cpe:2.3:a:vmware:fusion:6.0.3:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 6.0.4
cpe:2.3:a:vmware:fusion:6.0.4:*:*:*:*:*:*:*
Matching versions
Vmware » Fusion » Version: 7.0
cpe:2.3:a:vmware:fusion:7.0:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2015-1043

Top countries where our scanners detected CVE-2015-1043

Top open port discovered on systems with this issue 443

IPs affected by CVE-2015-1043 44

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2015-1043!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2015-1043

EPSS FAQ

0.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-1043

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
3.3	LOW	AV:A/AC:L/Au:N/C:N/I:N/A:P	6.5	2.9	NIST
Access Vector: Adjacent Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2015-1043

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-1043

http://www.securityfocus.com/bid/72337

Multiple VMware Products CVE-2015-1043 Denial Of Service Vulnerability
Third Party Advisory;VDB Entry
http://www.vmware.com/security/advisories/VMSA-2015-0001.html

VMSA-2015-0001.2
Patch;Vendor Advisory

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/100934

Multiple VMware products HGFS denial of service CVE-2015-1043 Vulnerability Report
http://www.securitytracker.com/id/1031644

VMware Workstation/Player/Fusion HGFS Bug Lets Local Guest Users Deny Service - SecurityTracker
Third Party Advisory;VDB Entry
http://secunia.com/advisories/62551

Sign in

CVEs referencing this url