CVE-2017-4952

Published May 2, 2018

Last updated 5 years ago

CVSS high 7.5

Overview

Description: VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.
Source: security@vmware.com
NVD status: Analyzed

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-732

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:xenon:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "41FE1566-9CF4-4A2C-8B96-DC477B453732",
            "versionEndIncluding": "1.5.3",
            "versionStartIncluding": "1.0.0"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.1.0:cr0-3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "393C8F1B-3E97-475C-ACE0-AD60A40A3480"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.1.0:cr3_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "908287BA-7E5D-4338-A3D4-39353F90B4EE"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.3.7:cr1_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "256FB7C5-FAE1-4844-8BD1-63346EF86E59"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.4.2:cr4_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAA29AB6-196C-4894-AF9B-4AC802346227"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.4:cr2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "718A5001-9D4B-40F2-A8DD-5B6271252F04"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.4:cr3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14B90D4B-5381-460E-86EC-4A0245DFD29C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.4:cr4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A46B85FE-C297-45F1-BE2D-E2E55BE5552F"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.4:cr5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "14521FD5-177A-4C62-B3AB-6C2396A4609D"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.4:cr6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "178168B2-DF60-45B8-BB94-82151B4A10D1"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.4:cr6_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DB5E354-E700-47A8-A2A3-553EEC9BDAA8"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.4:cr6_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6694BADF-CD2E-4ADD-B867-2DC0146FA901"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.4:cr7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF7B077C-ADC1-4A3A-B1E6-FAB98A5EFB35"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.4_8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F9A47F10-AFF8-41B5-8BE6-9F6C2524D849"
          },
          {
            "criteria": "cpe:2.3:a:vmware:xenon:1.5.7_7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E14AA307-523D-4694-B50E-DB897AEA61E9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References