Vulnerabilities > CVE-2010-2667 - Remote Arbitrary Command Execution vulnerability in VMWare Studio 2.0

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

vmware

nessus

NVD

Published: 2010-07-22

Updated: 2018-10-10

Summary

Multiple unspecified vulnerabilities in the Virtual Appliance Management Infrastructure (VAMI) in VMware Studio 2.0 allow remote authenticated users to execute arbitrary commands via vectors involving (1) the Studio virtual appliance or (2) a virtual appliance created by the Studio virtual appliance.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Studio 2.0	1

Nessus

NASL family	Misc.
NASL id	VMWARE_VMSA-2010-0011.NASL
description	The version of VMware Studio installed on the remote host is 2.x prior to 2.1. It is, therefore, potentially affected by multiple vulnerabilities : - An authenticated code execution vulnerability exists in the Virtual Appliance Management Infrastructure. (CVE-2010-2667) - A local privilege escalation vulnerability exists. (CVE-2010-2427)
last seen	2020-06-01
modified	2020-06-02
plugin id	52013
published	2013-10-23
reporter	This script is (C) 2013-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52013
title	VMware Studio 2.x < 2.1 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(52013); script_version("1.13"); script_cvs_date("Date: 2018/08/06 14:03:16"); script_cve_id("CVE-2010-2427", "CVE-2010-2667"); script_bugtraq_id(41566, 41568); script_xref(name:"VMSA", value:"2010-0011"); script_name(english:"VMware Studio 2.x < 2.1 Multiple Vulnerabilities"); script_summary(english:"Looks for version of VMware Studio"); script_set_attribute( attribute:"synopsis", value: "The remote VMware host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The version of VMware Studio installed on the remote host is 2.x prior to 2.1. It is, therefore, potentially affected by multiple vulnerabilities : - An authenticated code execution vulnerability exists in the Virtual Appliance Management Infrastructure. (CVE-2010-2667) - A local privilege escalation vulnerability exists. (CVE-2010-2427)"); script_set_attribute( attribute:"see_also", value:"http://www.vmware.com/security/advisories/VMSA-2010-0011.html" ); script_set_attribute( attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2010/000101.html" ); script_set_attribute(attribute:"solution", value:"Upgrade to VMware Studio 2.1.0 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:studio"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/07/13"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/23"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is (C) 2013-2018 Tenable Network Security, Inc."); script_family(english:"Misc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/VMware Studio/Version"); script_require_ports("Services/ssh", 22); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("Host/VMware Studio/Version"); if (version =~ '^2\\.' && ver_compare(ver:version, fix:'2.1.0') < 0) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : 2.1.0\n'; security_warning(port:0, extra:report); } else security_warning(0); exit(0); } else audit(AUDIT_INST_VER_NOT_VULN, 'VMware Studio', version);

Summary

Vulnerable Configurations

Nessus

References