{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38811", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2024-06-19T22:31:57.187Z", "datePublished": "2024-09-03T09:47:28.120Z", "dateUpdated": "2024-09-05T15:36:52.319Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["MacOS"], "product": "Fusion", "vendor": "n/a", "versions": [{"lessThan": "13.6", "status": "affected", "version": "13.x", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable.&nbsp;</span>A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>"}], "value": "VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable.\u00a0A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-09-03T09:47:28.120Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939"}], "source": {"discovery": "UNKNOWN"}, "title": "Code-execution vulnerability", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"affected": [{"vendor": "vmware", "product": "fusion", "cpes": ["cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.0", "status": "affected", "lessThan": "13.6", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-05T03:55:54.392776Z", "id": "CVE-2024-38811", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-05T15:36:52.319Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38811", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-05T03:55:54.392776Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*"], "vendor": "vmware", "product": "fusion", "versions": [{"status": "affected", "version": "13.0", "lessThan": "13.6", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T13:43:59.099Z"}}], "cna": {"title": "Code-execution vulnerability", "source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "n/a", "product": "Fusion", "versions": [{"status": "affected", "version": "13.x", "lessThan": "13.6", "versionType": "custom"}], "platforms": ["MacOS"], "defaultStatus": "unaffected"}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable.\u00a0A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable.&nbsp;</span>A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.<span style=\"background-color: rgb(255, 255, 255);\"><br><br></span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2024-09-03T09:47:28.120Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38811", "state": "PUBLISHED", "dateUpdated": "2024-09-05T15:36:52.319Z", "dateReserved": "2024-06-19T22:31:57.187Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2024-09-03T09:47:28.120Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF374027-E370-4C67-B45F-A35C8DE3A545", "versionEndExcluding": "13.6", "versionStartIncluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable.\u00a0A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application."}, {"lang": "es", "value": "VMware Fusion (13.x anterior a 13.6) contiene una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo debido al uso de una variable de entorno insegura. Un actor malintencionado con privilegios de usuario est\u00e1ndar puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la aplicaci\u00f3n Fusion."}], "id": "CVE-2024-38811", "lastModified": "2024-09-17T13:33:32.957", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2024-09-03T10:15:05.477", "references": [{"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "security@vmware.com", "type": "Secondary"}]}

{}