{"api_version":"1","generated_at":"2026-05-13T08:05:16+00:00","cve":"CVE-2008-1392","urls":{"html":"https://cve.report/CVE-2008-1392","api":"https://cve.report/api/cve/CVE-2008-1392.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2008-1392","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2008-1392"},"summary":{"title":"CVE-2008-1392","description":"The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.","state":"PUBLISHED","assigner":"mitre","published_at":"2008-03-20 00:44:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-16","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"10","severity":"","vector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html","name":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"[Security-announce] VMSA-2008-0005 Updated VMware Workstation,\n VMware Player, VMware\n Server, VMware ACE, and VMware Fusion resolve critical security issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html","name":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"VMSA-2008-0005.1 - VMware","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html","name":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"VMware ACE Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html","name":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Workstation 6 Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/3755","name":"http://securityreason.com/securityalert/3755","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityReason - VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html","name":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"VMware Player Release Notes","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41551","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41551","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://security.gentoo.org/glsa/glsa-201209-25.xml","name":"http://security.gentoo.org/glsa/glsa-201209-25.xml","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Gentoo Linux Documentation\n--\n  VMware Player, Server, Workstation: Multiple vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/489739/100/0/threaded","name":"http://www.securityfocus.com/archive/1/489739/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/28276","name":"http://www.securityfocus.com/bid/28276","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"VMware Server 1.0.5 and Workstation 6.0.3 Multiple Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2008-1392","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1392","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2008","cve_id":"1392","vulnerable":"0","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"microsoft","cpe5":"windows","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"1392","vulnerable":"1","versionEndIncluding":"2.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"ace","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"1392","vulnerable":"1","versionEndIncluding":"2.0.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"player","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2008","cve_id":"1392","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"vmware_workstation","cpe6":"6.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T08:17:34.739Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"GLSA-201209-25","tags":["vendor-advisory","x_refsource_GENTOO","x_transferred"],"url":"http://security.gentoo.org/glsa/glsa-201209-25.xml"},{"name":"3755","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3755"},{"name":"vmware-vix-api-unspecified(41551)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41551"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"},{"name":"20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/489739/100/0/threaded"},{"name":"[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html"},{"name":"28276","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/28276"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2008-03-18T00:00:00.000Z","descriptions":[{"lang":"en","value":"The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-11T19:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"GLSA-201209-25","tags":["vendor-advisory","x_refsource_GENTOO"],"url":"http://security.gentoo.org/glsa/glsa-201209-25.xml"},{"name":"3755","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3755"},{"name":"vmware-vix-api-unspecified(41551)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41551"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"},{"name":"20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/489739/100/0/threaded"},{"name":"[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","tags":["mailing-list","x_refsource_MLIST"],"url":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html"},{"name":"28276","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/28276"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2008-1392","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"GLSA-201209-25","refsource":"GENTOO","url":"http://security.gentoo.org/glsa/glsa-201209-25.xml"},{"name":"3755","refsource":"SREASON","url":"http://securityreason.com/securityalert/3755"},{"name":"vmware-vix-api-unspecified(41551)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/41551"},{"name":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html","refsource":"CONFIRM","url":"http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html"},{"name":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html","refsource":"CONFIRM","url":"http://www.vmware.com/support/player2/doc/releasenotes_player2.html"},{"name":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html","refsource":"CONFIRM","url":"http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html"},{"name":"20080318 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/489739/100/0/threaded"},{"name":"[security-announce] 20080317 VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues","refsource":"MLIST","url":"http://lists.vmware.com/pipermail/security-announce/2008/000008.html"},{"name":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html","refsource":"CONFIRM","url":"http://www.vmware.com/security/advisories/VMSA-2008-0005.html"},{"name":"28276","refsource":"BID","url":"http://www.securityfocus.com/bid/28276"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2008-1392","datePublished":"2008-03-20T00:00:00.000Z","dateReserved":"2008-03-19T00:00:00.000Z","dateUpdated":"2024-08-07T08:17:34.739Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2008-03-20 00:44:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-16","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:C/I:C/A:C","baseScore":10,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":10,"acInsufInfo":true,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*","matchCriteriaId":"2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:ace:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0","matchCriteriaId":"A9191386-10C0-48A2-B70C-6A047347B5A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*","versionEndIncluding":"2.0.2","matchCriteriaId":"389DA24B-6865-428D-8630-837A0D589891"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vmware_workstation:6.0.2:*:*:*:*:*:*:*","matchCriteriaId":"6DFFE01E-BD0A-432E-B47C-D68DAADDD075"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2008","CveId":"1392","Ordinal":"1","Title":"CVE-2008-1392","CVE":"CVE-2008-1392","Year":"2008"},"notes":[{"CveYear":"2008","CveId":"1392","Ordinal":"1","NoteData":"The default configuration of VMware Workstation 6.0.2, VMware Player 2.0.x before 2.0.3, and VMware ACE 2.0.x before 2.0.1 makes the console of the guest OS accessible through anonymous VIX API calls, which has unknown impact and attack vectors.","Type":"Description","Title":"CVE-2008-1392"},{"CveYear":"2008","CveId":"1392","Ordinal":"2","NoteData":"2008-03-19","Type":"Other","Title":"Published"},{"CveYear":"2008","CveId":"1392","Ordinal":"3","NoteData":"2018-10-11","Type":"Other","Title":"Modified"}]}}}