CVE-2024-10228

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-10228
The Vagrant VMWare Utility Windows installer targeted a custom location with a non-protected path that could be modified by an unprivileged user, introducing potential for unauthorized file system writes. This vulnerability, CVE-2024-10228, was fixed in Vagrant VMWare Utility 1.0.23

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:hashicorp:vagrant_vmware_utility:*:*:*:*:*:windows:*:*
History

07 Nov 2024, 17:12

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 3.8 		v2 : unknown
v3 : 3.3
First Time Hashicorp
Hashicorp vagrant Vmware Utility
CPE cpe:2.3:a:hashicorp:vagrant_vmware_utility:*:*:*:*:*:windows:*:*
References () https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user - () https://discuss.hashicorp.com/t/hcsec-2024-25-vagrant-vmware-utility-installation-files-vulnerable-to-modification-by-unprivileged-user - Vendor Advisory

01 Nov 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) El instalador de Windows de Vagrant VMWare Utility apuntaba a una ubicación personalizada con una ruta no protegida que podía ser modificada por un usuario sin privilegios, lo que generaba la posibilidad de escrituras no autorizadas en el sistema de archivos. Esta vulnerabilidad, CVE-2024-10228, se corrigió en Vagrant VMWare Utility 1.0.23

29 Oct 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-29 22:15

Updated : 2024-11-07 17:12

NVD link : CVE-2024-10228

Mitre link : CVE-2024-10228

CVE.ORG link : CVE-2024-10228

JSON object : View

Products Affected

hashicorp

  • vagrant_vmware_utility
CWE
CWE-732

Incorrect Permission Assignment for Critical Resource


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024