CVE-2014-8370

Name: CVE-2014-8370
Creator: NVD / NIST
Published: 2015-01-29T18:59:00.047+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.19%

Last modified Jun 17, 2026

CVE-2014-8370 is a vulnerability of currently unknown severity. VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.. EPSS estimates a 4.19% chance of exploitation in the next 30 days.

Description

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial of service (arbitrary write to a file) by modifying a configuration file.

Metrics

EPSS Probability

4.19%

89.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Vmware	Player	6.0
Vmware	Player	6.0.1
Vmware	Player	6.0.2
Vmware	Player	6.0.3
Vmware	Player	6.0.4
Vmware	Fusion	6.0
Vmware	Fusion	6.0.1
Vmware	Fusion	6.0.2
Vmware	Fusion	6.0.3
Vmware	Fusion	6.0.4
Vmware	Workstation	10.0
Vmware	Workstation	10.0.1
Vmware	Workstation	10.0.2
Vmware	Workstation	10.0.3
Vmware	Workstation	10.0.4
Vmware	Esxi	5.0
Vmware	Esxi	5.1
Vmware	Esxi	5.5

References

http://jvn.jp/en/jp/JVN88252465/index.htmlThird Party Advisory, VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007Third Party Advisory, VDB Entry
http://secunia.com/advisories/62551
http://secunia.com/advisories/62605
http://secunia.com/advisories/62669
http://www.securityfocus.com/bid/72338Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1031642Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1031643Third Party Advisory, VDB Entry
http://www.vmware.com/security/advisories/VMSA-2015-0001.htmlPatch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100933
http://jvn.jp/en/jp/JVN88252465/index.htmlThird Party Advisory, VDB Entry
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000007Third Party Advisory, VDB Entry
http://secunia.com/advisories/62551
http://secunia.com/advisories/62605
http://secunia.com/advisories/62669
http://www.securityfocus.com/bid/72338Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1031642Third Party Advisory, VDB Entry
http://www.securitytracker.com/id/1031643Third Party Advisory, VDB Entry
http://www.vmware.com/security/advisories/VMSA-2015-0001.htmlPatch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/100933

Timeline

Published: Jan 29, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2014-8370?

How severe is CVE-2014-8370?

Severity scoring for CVE-2014-8370 is pending analysis. The EPSS model estimates a 4.19% probability of exploitation in the next 30 days.

How do I fix CVE-2014-8370?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-8370?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST