CVE-2017-4933

Published Dec 20, 2017

Last updated 3 years ago

CVSS high 8.8

Overview

Description: VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
Source: security@vmware.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-787

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE8FC688-FBC8-4BBF-BEC6-D8B85B61C3D4",
            "versionEndExcluding": "12.5.8",
            "versionStartIncluding": "12.0.0"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation_pro:14.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CFC8B7E0-C0D4-416C-B9BD-011B0DCE9A07"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation_pro:14.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E5AECF4-F516-4FB8-906D-E8608D331C35"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04FA10C6-2B0D-47C9-8C4E-1BA98C97DC7A"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D2ED442-3F6D-472A-AA98-51D05A65B2E0"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2A71EC72-3389-4EC7-8104-2A78F7B8C0DC"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F948E806-0F73-4145-A723-7A43BA45842B"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "75FAFF86-C65F-4723-8A63-BACE2F797937"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBC31DE3-ACFE-422F-B253-2FE4AAFE3954"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B30B3EA4-495F-4915-B6E3-5FB9277C2DE6"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6FA9E337-B4F3-4895-BA58-962F8CDEE73E"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "830B0BC1-A368-49AC-B6C9-B000972EF92A"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "614394F3-3BEE-4E12-AABF-436D54A04313"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "350FD3CE-8B64-4FCF-82DE-BE941156F4F6"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9EAE177-6C7E-4C1B-ADEE-2C036F731272"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFFEEC31-8462-4DF9-A1DA-D7057C209CBA"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AC6BC16-0A1D-44B3-BA68-63EA05EDD54B"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "942DAD67-9455-4D02-BD3B-BFD2DE7A7E52"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ACC1A72-F6B6-430A-AB89-AB0A11587F58"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45111C74-BF6F-4C05-A0D3-CE325AD0C02B"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1CE5849-01B1-4E36-83E8-496A3F328C9C"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A879BA05-3A80-4EBC-AA9D-9B53695425B4"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D65A0E8-A1E0-42F3-B77D-2F32979278BB"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80C10150-39BA-4818-B48F-8645D4A0D316"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9792B986-86EF-40E0-9427-A45F858717E1"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "37EDD688-C91A-4A35-913A-82E156ADD242"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CC1AC0E-8D3F-46C0-BDA9-EB9DC9971F57"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47DA50DA-7CA4-4B76-8B3B-A5732509F71D"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76EB1A04-0645-4909-AEF9-33D6FADA4793"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1A35723-D968-42D6-89EB-86CA550516E6"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C3AC8A19-F98E-48F1-A1EA-EAA1C7208335"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2D6A3952-8429-4762-8701-47D7C1F05A5F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20740117-8BC1-47B8-AA10-8ADF91F1CA86",
            "versionEndExcluding": "8.5.9",
            "versionStartIncluding": "8.0.0"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References