Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveVmwareCVE-2017-4949
HistoryJan 11, 2018 - 2:29 p.m.

CVE-2017-4949

2018-01-1114:29:00
CWE-416
vmware
web.nvd.nist.gov
49
vmware
workstation
fusion
use-after-free
vulnerability
nat service
ipv6
code execution

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

28.9%

JSON

VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.

Affected configurations

Nvd
Node
vmwarefusionRange8.08.5.10
OR
vmwarefusionRange10.010.1.1
AND
applemac_os_xMatch-
Node
vmwareworkstationRange12.012.5.9
OR
vmwareworkstationRange14.014.1.1
VendorProductVersionCPE
vmwarefusion*cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
applemac_os_x-cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
vmwareworkstation*cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Workstation Pro / Player",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "14.x before 14.1.1"
      },
      {
        "status": "affected",
        "version": "12.x before 12.5.9"
      }
    ]
  },
  {
    "product": "Fusion",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "10.x before 10.1.1"
      },
      {
        "status": "affected",
        "version": "8.x before 8.5.10"
      }
    ]
  }
]

Related

prion 1
nvd 1
cvelist 1
vmware 2
kaspersky 1
nessus 3
prion
prion
Design/Logic Flaw
2018-01-11 14:29:00
nvd
nvd
CVE-2017-4949
2018-01-11 14:29:00
cvelist
cvelist
CVE-2017-4949
2018-01-11 14:00:00
vmware
vmware
VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities
2018-01-10 00:00:00
VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue
2018-01-10 00:00:00
kaspersky
kaspersky
KLA11177 Multiple vulnerabilities in VMware products
2018-01-10 00:00:00
nessus
nessus
VMware Player 12.x < 12.5.9 / 14.x < 14.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre)
2018-01-12 00:00:00
VMware Fusion 8.x < 8.5.10 / 10.x < 10.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre) (macOS)
2018-01-12 00:00:00
VMware Workstation 12.x < 12.5.9 / 14.x < 14.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre)
2018-01-12 00:00:00

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

28.9%

JSON
Related for CVE-2017-4949
prion1nvd1cvelist1vmware2kaspersky1nessus3