Lucene search

[email protected]CVE-2017-4903

HistoryJun 07, 2017 - 6:29 p.m.

CVE-2017-4903

2017-06-0718:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2017-4903

vmware

esxi

workstation pro

player

fusion pro

nvd

code execution

memory usage

svga

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

8.6 High

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

32.4%

JSON

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have an uninitialized stack memory usage in SVGA. This issue may allow a guest to execute code on the host.

Affected configurations

NVD

Node

vmwareworkstation_playerRange12.0.0–12.5.5

vmwareworkstation_proRange12.0.0–12.5.5

vmwareesxiMatch5.5-

vmwareesxiMatch5.51

vmwareesxiMatch5.52

vmwareesxiMatch5.53a

vmwareesxiMatch5.53b

vmwareesxiMatch6.0-

vmwareesxiMatch6.01

vmwareesxiMatch6.01a

vmwareesxiMatch6.01b

vmwareesxiMatch6.02

vmwareesxiMatch6.03

vmwareesxiMatch6.03a

vmwareesxiMatch6.0600-201504401

vmwareesxiMatch6.0600-201505401

vmwareesxiMatch6.0600-201507101

vmwareesxiMatch6.0600-201507102

vmwareesxiMatch6.0600-201507401

vmwareesxiMatch6.0600-201507402

vmwareesxiMatch6.0600-201507403

vmwareesxiMatch6.0600-201507404

vmwareesxiMatch6.0600-201507405

vmwareesxiMatch6.0600-201507406

vmwareesxiMatch6.0600-201507407

vmwareesxiMatch6.0600-201509101

vmwareesxiMatch6.0600-201509102

vmwareesxiMatch6.0600-201509201

vmwareesxiMatch6.0600-201509202

vmwareesxiMatch6.0600-201509203

vmwareesxiMatch6.0600-201509204

vmwareesxiMatch6.0600-201509205

vmwareesxiMatch6.0600-201509206

vmwareesxiMatch6.0600-201509207

vmwareesxiMatch6.0600-201509208

vmwareesxiMatch6.0600-201509209

vmwareesxiMatch6.0600-201509210

vmwareesxiMatch6.0600-201510401

vmwareesxiMatch6.0600-201511401

vmwareesxiMatch6.0600-201601101

vmwareesxiMatch6.0600-201601102

vmwareesxiMatch6.0600-201601401

vmwareesxiMatch6.0600-201601402

vmwareesxiMatch6.0600-201601403

vmwareesxiMatch6.0600-201601404

vmwareesxiMatch6.0600-201601405

vmwareesxiMatch6.0600-201602401

vmwareesxiMatch6.0600-201603101

vmwareesxiMatch6.0600-201603102

vmwareesxiMatch6.0600-201603201

vmwareesxiMatch6.0600-201603202

vmwareesxiMatch6.0600-201603203

vmwareesxiMatch6.0600-201603204

vmwareesxiMatch6.0600-201603205

vmwareesxiMatch6.0600-201603206

vmwareesxiMatch6.0600-201603207

vmwareesxiMatch6.0600-201603208

vmwareesxiMatch6.0600-201605401

vmwareesxiMatch6.0600-201608101

vmwareesxiMatch6.0600-201608401

vmwareesxiMatch6.0600-201608402

vmwareesxiMatch6.0600-201608403

vmwareesxiMatch6.0600-201608404

vmwareesxiMatch6.0600-201608405

vmwareesxiMatch6.0600-201610410

vmwareesxiMatch6.0600-201611401

vmwareesxiMatch6.0600-201611402

vmwareesxiMatch6.0600-201611403

vmwareesxiMatch6.0600-201702101

vmwareesxiMatch6.0600-201702102

vmwareesxiMatch6.0600-201702201

vmwareesxiMatch6.0600-201702202

vmwareesxiMatch6.0600-201702203

vmwareesxiMatch6.0600-201702204

vmwareesxiMatch6.0600-201702205

vmwareesxiMatch6.0600-201702206

vmwareesxiMatch6.0600-201702207

vmwareesxiMatch6.0600-201702208

vmwareesxiMatch6.0600-201702209

vmwareesxiMatch6.0600-201702210

vmwareesxiMatch6.0600-201702211

vmwareesxiMatch6.0600-201702212

vmwareesxiMatch6.5-

vmwareesxiMatch6.5650-201701001

vmwareesxiMatch6.5650-201703001

vmwareesxiMatch6.5650-201703002

Node

vmwarefusionRange8.0.0–8.5.6

vmwarefusion_proRange8.0.0–8.5.6

AND

applemac_os_xMatch-

CPENameOperatorVersion
vmware:workstation_playervmware workstation playerlt12.5.5
vmware:workstation_provmware workstation prolt12.5.5
vmware:esxivmware esxieq5.5
vmware:esxivmware esxieq6.0
vmware:esxivmware esxieq6.5

CPE	Name	Operator	Version
vmware:workstation_player	vmware workstation player	lt	12.5.5
vmware:workstation_pro	vmware workstation pro	lt	12.5.5
vmware:esxi	vmware esxi	eq	5.5
vmware:esxi	vmware esxi	eq	6.0
vmware:esxi	vmware esxi	eq	6.5

CNA Affected

[
  {
    "product": "ESXi",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "6.5 without patch ESXi650-201703410-SG"
      },
      {
        "status": "affected",
        "version": "6.0 U3 without patch ESXi600-201703401-SG"
      },
      {
        "status": "affected",
        "version": "6.0 U2 without patch ESXi600-201703403-SG"
      },
      {
        "status": "affected",
        "version": "6.0 U1 without patch ESXi600-201703402-SG"
      },
      {
        "status": "affected",
        "version": "5.5 without patch ESXi550-201703401-SG"
      }
    ]
  },
  {
    "product": "Workstation Pro / Player",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "12.x prior to 12.5.5"
      }
    ]
  },
  {
    "product": "Fusion Pro / Fusion",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "8.x prior to 8.5.6"
      }
    ]
  }
]