Lucene search

[email protected]CVE-2017-4907

HistoryJun 08, 2017 - 1:29 p.m.

CVE-2017-4907

2017-06-0813:29:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2017-4907

vmware

unified access gateway

horizon view

buffer-overflow

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.054 Low

EPSS

Percentile

93.2%

JSON

VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.

Affected configurations

NVD

Node

vmwarehorizon_viewMatch6.0

vmwarehorizon_viewMatch6.0.2

vmwarehorizon_viewMatch6.1

vmwarehorizon_viewMatch6.1.1

vmwarehorizon_viewMatch6.2

vmwarehorizon_viewMatch6.2.1

vmwarehorizon_viewMatch6.2.2

vmwarehorizon_viewMatch6.2.3

vmwarehorizon_viewMatch6.2.4

vmwarehorizon_viewMatch7.0

Node

vmwareunified_access_gatewayMatch2.5

vmwareunified_access_gatewayMatch2.5.1

vmwareunified_access_gatewayMatch2.7

vmwareunified_access_gatewayMatch2.7.2

vmwareunified_access_gatewayMatch2.8

CPENameOperatorVersion
vmware:horizon_viewvmware horizon vieweq6.0
vmware:horizon_viewvmware horizon vieweq6.0.2
vmware:horizon_viewvmware horizon vieweq6.1
vmware:horizon_viewvmware horizon vieweq6.1.1
vmware:horizon_viewvmware horizon vieweq6.2
vmware:horizon_viewvmware horizon vieweq6.2.1
vmware:horizon_viewvmware horizon vieweq6.2.2
vmware:horizon_viewvmware horizon vieweq6.2.3
vmware:horizon_viewvmware horizon vieweq6.2.4
vmware:horizon_viewvmware horizon vieweq7.0

CPE	Name	Operator	Version
vmware:horizon_view	vmware horizon view	eq	6.0
vmware:horizon_view	vmware horizon view	eq	6.0.2
vmware:horizon_view	vmware horizon view	eq	6.1
vmware:horizon_view	vmware horizon view	eq	6.1.1
vmware:horizon_view	vmware horizon view	eq	6.2
vmware:horizon_view	vmware horizon view	eq	6.2.1
vmware:horizon_view	vmware horizon view	eq	6.2.2
vmware:horizon_view	vmware horizon view	eq	6.2.3
vmware:horizon_view	vmware horizon view	eq	6.2.4
vmware:horizon_view	vmware horizon view	eq	7.0

CNA Affected

[
  {
    "product": "Unified Access Gateway",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "2.5.x"
      },
      {
        "status": "affected",
        "version": "2.7.x"
      },
      {
        "status": "affected",
        "version": "2.8.x prior to 2.8.1"
      }
    ]
  },
  {
    "product": "Horizon View",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "7.x prior to 7.1.0"
      },
      {
        "status": "affected",
        "version": "6.x prior to 6.2.4"
      }
    ]
  }
]

References

www.securityfocus.com/bid/97914

www.securitytracker.com/id/1038281

www.vmware.com/security/advisories/VMSA-2017-0008.html

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.054 Low

EPSS

Percentile

93.2%

JSON

Related for CVE-2017-4907

prion1 nessus1 cvelist1 nvd1 vmware2 kaspersky1