Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2017-4941
HistoryDec 20, 2017 - 3:29 p.m.

CVE-2017-4941

2017-12-2015:29:00
CWE-119
[email protected]
web.nvd.nist.gov
2

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.6%

JSON

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine’s .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

Affected configurations

NVD
Node
vmwarefusionRange8.0.08.5.9
AND
applemac_os_xMatch-
Node
vmwareworkstationRange12.0.012.5.8
Node
vmwareesxiMatch5.5-
OR
vmwareesxiMatch5.5550-20170901001s
OR
vmwareesxiMatch5.5550-20170904001
Node
vmwareesxiMatch6.0-
OR
vmwareesxiMatch6.01
OR
vmwareesxiMatch6.01a
OR
vmwareesxiMatch6.01b
OR
vmwareesxiMatch6.02
OR
vmwareesxiMatch6.03
OR
vmwareesxiMatch6.03a
OR
vmwareesxiMatch6.0600-201504401
OR
vmwareesxiMatch6.0600-201505401
OR
vmwareesxiMatch6.0600-201507101
OR
vmwareesxiMatch6.0600-201507102
OR
vmwareesxiMatch6.0600-201507401
OR
vmwareesxiMatch6.0600-201507402
OR
vmwareesxiMatch6.0600-201507403
OR
vmwareesxiMatch6.0600-201507404
OR
vmwareesxiMatch6.0600-201507405
OR
vmwareesxiMatch6.0600-201507406
OR
vmwareesxiMatch6.0600-201507407
OR
vmwareesxiMatch6.0600-201509101
OR
vmwareesxiMatch6.0600-201509102
OR
vmwareesxiMatch6.0600-201509201
OR
vmwareesxiMatch6.0600-201509202
OR
vmwareesxiMatch6.0600-201509203
OR
vmwareesxiMatch6.0600-201509204
OR
vmwareesxiMatch6.0600-201509205
OR
vmwareesxiMatch6.0600-201509206
OR
vmwareesxiMatch6.0600-201509207
OR
vmwareesxiMatch6.0600-201509208
OR
vmwareesxiMatch6.0600-201509209
OR
vmwareesxiMatch6.0600-201509210
OR
vmwareesxiMatch6.0600-201510401
OR
vmwareesxiMatch6.0600-201511401
OR
vmwareesxiMatch6.0600-201601101
OR
vmwareesxiMatch6.0600-201601102
OR
vmwareesxiMatch6.0600-201601401
OR
vmwareesxiMatch6.0600-201601402
OR
vmwareesxiMatch6.0600-201601403
OR
vmwareesxiMatch6.0600-201601404
OR
vmwareesxiMatch6.0600-201601405
OR
vmwareesxiMatch6.0600-201602401
OR
vmwareesxiMatch6.0600-201603101
OR
vmwareesxiMatch6.0600-201603102
OR
vmwareesxiMatch6.0600-201603201
OR
vmwareesxiMatch6.0600-201603202
OR
vmwareesxiMatch6.0600-201603203
OR
vmwareesxiMatch6.0600-201603204
OR
vmwareesxiMatch6.0600-201603205
OR
vmwareesxiMatch6.0600-201603206
OR
vmwareesxiMatch6.0600-201603207
OR
vmwareesxiMatch6.0600-201603208
OR
vmwareesxiMatch6.0600-201605401
OR
vmwareesxiMatch6.0600-201608101
OR
vmwareesxiMatch6.0600-201608401
OR
vmwareesxiMatch6.0600-201608402
OR
vmwareesxiMatch6.0600-201608403
OR
vmwareesxiMatch6.0600-201608404
OR
vmwareesxiMatch6.0600-201608405
OR
vmwareesxiMatch6.0600-201610410
OR
vmwareesxiMatch6.0600-201611401
OR
vmwareesxiMatch6.0600-201611402
OR
vmwareesxiMatch6.0600-201611403
OR
vmwareesxiMatch6.0600-201702101
OR
vmwareesxiMatch6.0600-201702102
OR
vmwareesxiMatch6.0600-201702201
OR
vmwareesxiMatch6.0600-201702202
OR
vmwareesxiMatch6.0600-201702203
OR
vmwareesxiMatch6.0600-201702204
OR
vmwareesxiMatch6.0600-201702205
OR
vmwareesxiMatch6.0600-201702206
OR
vmwareesxiMatch6.0600-201702207
OR
vmwareesxiMatch6.0600-201702208
OR
vmwareesxiMatch6.0600-201702209
OR
vmwareesxiMatch6.0600-201702210
OR
vmwareesxiMatch6.0600-201702211
OR
vmwareesxiMatch6.0600-201702212
OR
vmwareesxiMatch6.0600-201703401
OR
vmwareesxiMatch6.0600-201706101
OR
vmwareesxiMatch6.0600-201706102
OR
vmwareesxiMatch6.0600-201706103
OR
vmwareesxiMatch6.0600-201706401
OR
vmwareesxiMatch6.0600-201706402
OR
vmwareesxiMatch6.0600-201706403
OR
vmwareesxiMatch6.0600-201710301

Related

talos 1
cvelist 1
seebug 1
cve 1
prion 1
talosblog 1
nessus 5
ibm 2
vmware 1
kaspersky 1
talos
talos
VMware VNC Pointer Decode Code Execution Vulnerability
2017-12-19 00:00:00
cvelist
cvelist
CVE-2017-4941
2017-12-19 00:00:00
seebug
seebug
VMware VNC Pointer Decode Code Execution Vulnerability(CVE-2017-4941)
2017-12-20 00:00:00
cve
cve
CVE-2017-4941
2017-12-20 15:29:00
prion
prion
Remote code execution
2017-12-20 15:29:00
talosblog
talosblog
Vulnerability Spotlight: VMWare VNC Vulnerabilities
2017-12-19 11:00:00
nessus
nessus
VMware Fusion 8.x < 8.5.9 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre) (macOS)
2017-12-29 00:00:00
VMware Player 12.x < 12.5.8 Multiple Vulnerabilities (VMSA-2017-0021) (VMSA-2018-0002) (Spectre)
2018-01-04 00:00:00
VMSA-2017-0021 : VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities
2017-12-21 00:00:00
ibm
ibm
Security Bulletin: IBM PureApplication Service/Systems, which includes IBM OS Images for Red Hat Linux Systems, as well as AIX-based and Windows-based deployments, has released a fix in response to the vulnerabilities known as Spectre and Meltdown.
2019-06-20 15:05:01
Security Bulletin: Open Source VMware Fusion Vulnerabilities in IBM Pure Application System (CVE-2017-4903, CVE-2017-4904, CVE-2017-4905)
2019-06-25 19:40:02
vmware
vmware
VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities
2017-12-19 00:00:00
kaspersky
kaspersky
KLA11164 Multiple vulnerabilities in VMware products
2017-12-19 00:00:00

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.023 Low

EPSS

Percentile

89.6%

JSON
Related for NVD:CVE-2017-4941
talos1cvelist1seebug1cve1prion1talosblog1nessus5ibm2vmware1kaspersky1