CVE-2008-1392

critical VMware
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
0.9%
Exploitation probability in 30 days
Top 25% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: March 20, 2008 (6629 days ago)
Last Modified: April 23, 2026
Vendor: VMware
Source: NVD

Description

The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.

CWE

CWE-16

Affected Products

vmware acevmware playervmware vmware workstation

References

🔗 lists.vmware.com 🔗 security.gentoo.org 🔗 securityreason.com 🔗 www.securityfocus.com 🔗 www.securityfocus.com