CVE-2017-4905
VMware Workstation Uninitialized Memory Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.
ESXi versiones 6.5 sin parche ESXi650-201703410-SG, 6.0 U3 sin parche ESXi600-201703401-SG, 6.0 U2 sin parche ESXi600-201703403-SG, 6.0 U1 sin parche ESXi600-201703402-SG, 5.5 sin parche ESXi550-201701401-SG; Workstation Pro / Player versiones 12.x anteriores a 12.5.5; y Fusion Pro / Fusion versiones 8.x anteriores a 8.5.6 de VMware, presenta un uso de memoria no inicializada. Este problema puede conducir a un filtrado de informaciĆ³n.
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the handling of the Backdoor communications channel. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the hypervisor.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-26 CVE Reserved
- 2017-03-30 CVE Published
- 2019-06-06 First Exploit
- 2024-08-05 CVE Updated
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-908: Use of Uninitialized Resource
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/97164 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038148 | Third Party Advisory | |
| http://www.securitytracker.com/id/1038149 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/47715 | 2019-06-06 |
| URL | Date | SRC |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2017-0006.html | 2022-02-07 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | >= 8.0.0 < 8.5.6 Search vendor "Vmware" for product "Fusion" and version " >= 8.0.0 < 8.5.6" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Vmware Search vendor "Vmware" | Fusion Pro Search vendor "Vmware" for product "Fusion Pro" | >= 8.0.0 < 8.5.6 Search vendor "Vmware" for product "Fusion Pro" and version " >= 8.0.0 < 8.5.6" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
| Vmware Search vendor "Vmware" | Workstation Player Search vendor "Vmware" for product "Workstation Player" | >= 12.0.0 < 12.5.5 Search vendor "Vmware" for product "Workstation Player" and version " >= 12.0.0 < 12.5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Pro Search vendor "Vmware" for product "Workstation Pro" | >= 12.0.0 < 12.5.5 Search vendor "Vmware" for product "Workstation Pro" and version " >= 12.0.0 < 12.5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | 1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | 2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | 3a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 5.5 Search vendor "Vmware" for product "Esxi" and version "5.5" | 3b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 1a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 1b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 3 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.0 Search vendor "Vmware" for product "Esxi" and version "6.0" | 3a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | - |
Affected
| ||||||