Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistVmwareCVELIST:CVE-2017-4941
HistoryDec 19, 2017 - 12:00 a.m.

CVE-2017-4941

2017-12-1900:00:00
vmware
www.cve.org
2

8.9 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.6%

JSON

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine’s .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

CNA Affected

[
  {
    "product": "ESXi",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "6.0 before ESXi600-201711101-SG"
      },
      {
        "status": "affected",
        "version": "5.5 ESXi550-201709101-SG"
      }
    ]
  },
  {
    "product": "Workstation",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "12.x before 12.5.8"
      }
    ]
  },
  {
    "product": "Fusion",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "8.x before 8.5.9"
      }
    ]
  }
]

Related

talos 1
nvd 1
seebug 1
cve 1
prion 1
talosblog 1
nessus 5
ibm 2
vmware 1
kaspersky 1
talos
talos
VMware VNC Pointer Decode Code Execution Vulnerability
2017-12-19 00:00:00
nvd
nvd
CVE-2017-4941
2017-12-20 15:29:00
seebug
seebug
VMware VNC Pointer Decode Code Execution Vulnerability(CVE-2017-4941)
2017-12-20 00:00:00
cve
cve
CVE-2017-4941
2017-12-20 15:29:00
prion
prion
Remote code execution
2017-12-20 15:29:00
talosblog
talosblog
Vulnerability Spotlight: VMWare VNC Vulnerabilities
2017-12-19 11:00:00
nessus
nessus
VMware Fusion 8.x < 8.5.9 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre) (macOS)
2017-12-29 00:00:00
VMware Player 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre)
2018-01-04 00:00:00
VMSA-2017-0021 : VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities
2017-12-21 00:00:00
ibm
ibm
Security Bulletin: IBM PureApplication Service/Systems, which includes IBM OS Images for Red Hat Linux Systems, as well as AIX-based and Windows-based deployments, has released a fix in response to the vulnerabilities known as Spectre and Meltdown.
2019-06-20 15:05:01
Security Bulletin: Open Source VMware Fusion Vulnerabilities in IBM Pure Application System (CVE-2017-4903, CVE-2017-4904, CVE-2017-4905)
2019-06-25 19:40:02
vmware
vmware
VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities
2017-12-19 00:00:00
kaspersky
kaspersky
KLA11164 Multiple vulnerabilities in VMware products
2017-12-19 00:00:00

8.9 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.6%

JSON
Related for CVELIST:CVE-2017-4941
talos1nvd1seebug1cve1prion1talosblog1nessus5ibm2vmware1kaspersky1