CVE-2017-4925

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 15-09-2017 03:29

Last modified: - 03-02-2022 08:44

Total changes: - 2

Description

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Local

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

5.5

Base score

1.8

3.6

Exploitability score

Impact score

Verification logic

vendor=vmware AND product=esxi AND version=5.5 AND update=-

vendor=vmware AND product=esxi AND version=5.5 AND update=1

vendor=vmware AND product=esxi AND version=5.5 AND update=2

vendor=vmware AND product=esxi AND version=5.5 AND update=3a

vendor=vmware AND product=esxi AND version=5.5 AND update=3b

vendor=vmware AND product=esxi AND version=5.5 AND update=550-20170901001s

vendor=vmware AND product=esxi AND version=6.0 AND update=-

vendor=vmware AND product=esxi AND version=6.0 AND update=1

vendor=vmware AND product=esxi AND version=6.0 AND update=1a

vendor=vmware AND product=esxi AND version=6.0 AND update=1b

vendor=vmware AND product=esxi AND version=6.0 AND update=2

vendor=vmware AND product=esxi AND version=6.0 AND update=3

vendor=vmware AND product=esxi AND version=6.0 AND update=3a

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201504401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201505401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201507101

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201507102

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201507401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201507402

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201507403

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201507404

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201507405

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201507406

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201507407

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509101

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509102

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509201

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509202

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509203

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509204

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509205

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509206

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509207

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509208

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509209

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201509210

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201510401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201511401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201601101

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201601102

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201601401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201601402

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201601403

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201601404

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201601405

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201602401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603101

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603102

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603201

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603202

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603203

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603204

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603205

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603206

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603207

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201603208

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201605401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201608101

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201608401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201608402

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201608403

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201608404

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201608405

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201610410

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201611401

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201611402

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201611403

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702101

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702102

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702201

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702202

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702203

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702204

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702205

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702206

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702207

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702208

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702209

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702210

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702211

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201702212

vendor=vmware AND product=esxi AND version=6.0 AND update=600-201703401

vendor=vmware AND product=esxi AND version=6.5 AND update=-

vendor=vmware AND product=esxi AND version=6.5 AND update=650-201701001

vendor=vmware AND product=esxi AND version=6.5 AND update=650-201703001

vendor=vmware AND product=esxi AND version=6.5 AND update=650-201703002

vendor=vmware AND product=esxi AND version=6.5 AND update=650-201704001

vendor=vmware AND product=workstation AND versionStartIncluding=12.0.0 AND versionEndExcluding=12.5.3

vendor=vmware AND product=workstation_pro AND versionStartIncluding=12.0.0 AND versionEndExcluding=12.5.3

AND

vendor=vmware AND product=fusion AND versionStartIncluding=8.0.0 AND versionEndExcluding=8.5.4

vendor=apple AND product=mac_os_x AND version=-

Reference

https://www.vmware.com/security/advisories/VMSA-2017-0015.html
1039368-Third Party Advisory, VDB Entry
1039367-Third Party Advisory, VDB Entry
100842-Third Party Advisory, VDB Entry

Keywords

CVE-2017-4925

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2017-4925

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures