CVE-2013-1406

Description

The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.

Risk Information

Base Score

7.8

MODERATE

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.743

Associated Vulnerability

Vulnerability	OS Platform
Vulnerabilities CVE-2012-1518,CVE-2012-2449,CVE-2012-3288,CVE-2013-1406 are affected in VMware Fusion for MAC 4.1	Mac
Vulnerabilities CVE-2012-1518,CVE-2012-2449,CVE-2012-3288,CVE-2013-1406 are affected in VMware Fusion for MAC 4.1.1	Mac
Vulnerabilities CVE-2012-2449,CVE-2012-3288,CVE-2013-1406 are affected in VMware Fusion for MAC 4.1.2	Mac
Vulnerabilities CVE-2013-1406 are affected in VMware Fusion for MAC 4.1.3	Mac
Vulnerabilities CVE-2013-1406,CVE-2013-3519,CVE-2014-1208 are affected in VMware Fusion for MAC 5.0	Mac
Vulnerabilities CVE-2013-1406,CVE-2013-3519 are affected in VMware Fusion for MAC 5.0.1	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234