Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11177
HistoryJan 10, 2018 - 12:00 a.m.

KLA11177 Multiple vulnerabilities in VMware products

2018-01-1000:00:00
Kaspersky Lab
threats.kaspersky.com
277

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

28.9%

JSON

Multiple serious vulnerabilities have been found in VMware Workstation and VMware Fusion. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled can be exploited remotely to execute arbitrary code;
  2. An integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled can be exploited remotely to execute arbitrary code;

Original advisories

VMSA-2018-0005

Related products

VMware-Workstation

VMware-Fusion

CVE list

CVE-2017-4949 high

CVE-2017-4950 high

Solution

Update to latest versionDownload VMware Fusion

Download VMware Workstation Pro

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Workstation 14.x earlier than 14.1.1Workstation 12.x earlier than 12.5.9Fusion 10.x earlier than 10.1.1Fusion 8.x earlier than 8.5.10

Related

vmware 2
nessus 3
cve 2
cvelist 2
nvd 2
prion 2
vmware
vmware
VMware Workstation, and Fusion updates resolve use-after-free and integer-overflow vulnerabilities
2018-01-10 00:00:00
VMware vSphere, Workstation and Fusion updates add Hypervisor-Assisted Guest Remediation for speculative execution issue
2018-01-10 00:00:00
nessus
nessus
VMware Player 12.x < 12.5.9 / 14.x < 14.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre)
2018-01-12 00:00:00
VMware Fusion 8.x < 8.5.10 / 10.x < 10.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre) (macOS)
2018-01-12 00:00:00
VMware Workstation 12.x < 12.5.9 / 14.x < 14.1.1 Multiple Vulnerabilities (VMSA-2018-0004) (VMSA-2018-0005) (Spectre)
2018-01-12 00:00:00
cve
cve
CVE-2017-4950
2018-01-11 14:29:00
CVE-2017-4949
2018-01-11 14:29:00
cvelist
cvelist
CVE-2017-4950
2018-01-11 14:00:00
CVE-2017-4949
2018-01-11 14:00:00
nvd
nvd
CVE-2017-4950
2018-01-11 14:29:00
CVE-2017-4949
2018-01-11 14:29:00
prion
prion
Integer overflow
2018-01-11 14:29:00
Design/Logic Flaw
2018-01-11 14:29:00

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

28.9%

JSON
Related for KLA11177
vmware2nessus3cve2cvelist2nvd2prion2