Versio.io

CVE-2017-4933

Common vulnerabilities & exposures (CVE)

CVE databaseCVE database blogpostRelease & EoL database
 
Published at: - 20-12-2017 04:29
Last modified: - 03-02-2022 08:44
Total changes: - 2

Description

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Low
Attack complexity
Network
Attack vector
High
Availability
High
Confidentiality
High
Integrity
Low
Privileges required
Unchanged
Scope
None
User interaction
8.8
Base score
2.8
5.9
Exploitability score
Impact score
 

Verification logic

OR
OR
vendor=vmware AND product=workstation_pro AND versionStartIncluding=12.0.0 AND versionEndExcluding=12.5.8
vendor=vmware AND product=workstation_pro AND version=14.0
vendor=vmware AND product=workstation_pro AND version=14.1.0
vendor=vmware AND product=esxi AND version=6.5 AND update=-
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201701001
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201703001
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201703002
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201704001
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707101
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707102
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707103
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707201
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707202
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707203
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707204
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707205
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707206
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707207
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707208
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707209
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707210
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707211
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707212
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707213
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707214
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707215
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707216
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707217
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707218
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707219
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707220
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201707221
vendor=vmware AND product=esxi AND version=6.5 AND update=650-201710001
AND
OR
vendor=vmware AND product=fusion AND versionStartIncluding=8.0.0 AND versionEndExcluding=8.5.9
OR
vendor=apple AND product=mac_os_x AND version=-
 

Reference

 


Keywords

NVD

 

CVE-2017-4933

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures

 

We use cookies to ensure that we give you the best experience on our website. Read privacy policies for more information.