Lucene search

[email protected]CVE-2017-4945

HistoryJan 05, 2018 - 2:29 p.m.

CVE-2017-4945

2018-01-0514:29:10

[email protected]

web.nvd.nist.gov

vmware

workstation

fusion

guest access control

vulnerability

program execution

unity

windows vms

vmware tools

cve-2017-4945

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.

Affected configurations

NVD

Node

vmwareworkstationMatch12.0.0

vmwareworkstationMatch12.0.1

vmwareworkstationMatch12.1

vmwareworkstationMatch12.1.1

vmwareworkstationMatch12.5

vmwareworkstationMatch12.5.0

vmwareworkstationMatch12.5.1

vmwareworkstationMatch12.5.2

vmwareworkstationMatch12.5.3

vmwareworkstationMatch12.5.4

vmwareworkstationMatch12.5.5

vmwareworkstationMatch12.5.6

vmwareworkstationMatch12.5.7

vmwareworkstationMatch12.5.8

vmwareworkstationMatch12.5.9

vmwareworkstationMatch14.0

Node

vmwarefusionMatch8.0

vmwarefusionMatch8.0.1

vmwarefusionMatch8.0.2

vmwarefusionMatch8.1

vmwarefusionMatch8.1.1

vmwarefusionMatch8.5

vmwarefusionMatch8.5.1

vmwarefusionMatch8.5.2

vmwarefusionMatch8.5.3

vmwarefusionMatch8.5.4

vmwarefusionMatch8.5.5

vmwarefusionMatch8.5.6

vmwarefusionMatch8.5.7

vmwarefusionMatch8.5.8

vmwarefusionMatch8.5.9

vmwarefusionMatch8.5.10

vmwarefusionMatch10.0

vmwarefusionMatch10.0.1

vmwarefusionMatch10.1.0

vmwarefusionMatch10.1.1

AND

applemac_os_xMatch-

CPENameOperatorVersion
vmware:workstationvmware workstationeq12.0.0
vmware:workstationvmware workstationeq12.0.1
vmware:workstationvmware workstationeq12.1
vmware:workstationvmware workstationeq12.1.1
vmware:workstationvmware workstationeq12.5
vmware:workstationvmware workstationeq12.5.0
vmware:workstationvmware workstationeq12.5.1
vmware:workstationvmware workstationeq12.5.2
vmware:workstationvmware workstationeq12.5.3
vmware:workstationvmware workstationeq12.5.4

CPE	Name	Operator	Version
vmware:workstation	vmware workstation	eq	12.0.0
vmware:workstation	vmware workstation	eq	12.0.1
vmware:workstation	vmware workstation	eq	12.1
vmware:workstation	vmware workstation	eq	12.1.1
vmware:workstation	vmware workstation	eq	12.5
vmware:workstation	vmware workstation	eq	12.5.0
vmware:workstation	vmware workstation	eq	12.5.1
vmware:workstation	vmware workstation	eq	12.5.2
vmware:workstation	vmware workstation	eq	12.5.3
vmware:workstation	vmware workstation	eq	12.5.4

Rows per page:

1-10 of 161

CNA Affected

[
  {
    "product": "Workstation",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "14.x"
      },
      {
        "status": "affected",
        "version": "12.x"
      }
    ]
  },
  {
    "product": "Fusion",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "10.x"
      },
      {
        "status": "affected",
        "version": "8.x"
      }
    ]
  }
]

References

www.securityfocus.com/bid/102441

www.securitytracker.com/id/1040109

www.securitytracker.com/id/1040136

www.vmware.com/us/security/advisories/VMSA-2018-0003.html

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVE-2017-4945

nessus2 prion1 cvelist1 nvd1 kaspersky1 vmware1