CVE-2017-4933

Published: Dic 20, 2017 Last Modified: Apr 20, 2025 EU-VD ID: EUVD-2017-14050 Aliases: GSD-2017-4933
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM 6,0
Source: [email protected]
Access Vector: network
Access Complexity: medium
Authentication: single
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0708
Percentile
0,9th
Updated

EPSS Score Trend (Last 90 Days)

787

Out-of-bounds Write

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity Availability Other
Potential Impacts:
Modify Memory Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Unexpected State
Applicable Platforms
Languages: Assembly, C, C++, Memory-Unsafe
Technologies: ICS/OT
Likelihood of Exploit: High
View CWE Details
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Fusion by Vmware

Product Information
Vendor Vmware
Product Fusion
Version Range Affected
From 8.0.0 (inclusive)
To 8.5.9 (exclusive)
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation Pro by Vmware

Product Information
Vendor Vmware
Product Workstation Pro
Version 14.1.0
cpe:2.3:a:vmware:workstation_pro:14.1.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation Pro by Vmware

Product Information
Vendor Vmware
Product Workstation Pro
Version 14.0
cpe:2.3:a:vmware:workstation_pro:14.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Esxi by Vmware

Product Information
Vendor Vmware
Product Esxi
Version 6.5
cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Workstation Pro by Vmware

Product Information
Vendor Vmware
Product Workstation Pro
Version Range Affected
From 12.0.0 (inclusive)
To 12.5.8 (exclusive)
cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.vmware.com/security/advisories/VMSA-2017-0021.h…
Issue Tracking Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2017-0021.html
http://www.securitytracker.com/id/1040024
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040024
http://www.securitytracker.com/id/1040025
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040025
https://www.vmware.com/security/advisories/VMSA-2017-0021.h…
Issue Tracking Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2017-0021.html
http://www.securitytracker.com/id/1040024
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040024
http://www.securitytracker.com/id/1040025
Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040025