Published: 20/12/2017 Updated: 03/02/2022

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 535

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x prior to 12.5.8), and Fusion (8.x prior to 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware workstation pro
vmware workstation pro 14.0
vmware workstation pro 14.1.0
vmware esxi 6.5
vmware fusion

CWE-787 https://www.vmware.com/security/advisories/VMSA-2017-0021.html http://www.securitytracker.com/id/1040025 http://www.securitytracker.com/id/1040024 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-4933

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect