CVE-2024-38811 HIGH

CVE-2024-38811: Code-execution vulnerability

Vendor N/A
Product Fusion
Weakness CWE-20 · Input validation
Published September 3, 2024
Last update September 5, 2024

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.

Key dates

02Disclosure timeline

September 3, 2024 CVE published
September 5, 2024 Record updated