// For flags

CVE-2017-4933

 

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

VMware ESXi (6.5 anteriores a ESXi650-201710401-BG), Workstation (12.x anteriores a la 12.5.8) y Fusion (8.x anteriores a la 8.5.9) contienen una vulnerabilidad que podría permitir que una sesión VNC autenticada provoque un desbordamiento de memoria dinámica (heap) mediante una serie específica de paquetes VNC, resultando en una corrupción de memoria dinámica. La explotación exitosa de esta vulnerabilidad podría resultar en la ejecución remota de código en una máquina virtual mediante la sesión VNC autenticada. Nota: Para que sea posible la explotación en ESXi, VNC debe estar habilitado manualmente en un archivo de configuración .vmx de la máquina virtual. Además, ESXi se debe configurar para permitir el tráfico VNC a través del firewall incorporado.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-12-26 CVE Reserved
  • 2017-12-20 CVE Published
  • 2024-02-14 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Fusion
Search vendor "Vmware" for product "Fusion"
>= 8.0.0 < 8.5.9
Search vendor "Vmware" for product "Fusion" and version " >= 8.0.0 < 8.5.9"
-
Affected
in Apple
Search vendor "Apple"
Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Vmware
Search vendor "Vmware"
Workstation Pro
Search vendor "Vmware" for product "Workstation Pro"
>= 12.0.0 < 12.5.8
Search vendor "Vmware" for product "Workstation Pro" and version " >= 12.0.0 < 12.5.8"
-
Affected
Vmware
Search vendor "Vmware"
Workstation Pro
Search vendor "Vmware" for product "Workstation Pro"
14.0
Search vendor "Vmware" for product "Workstation Pro" and version "14.0"
-
Affected
Vmware
Search vendor "Vmware"
Workstation Pro
Search vendor "Vmware" for product "Workstation Pro"
14.1.0
Search vendor "Vmware" for product "Workstation Pro" and version "14.1.0"
-
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
-
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201701001
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201703001
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201703002
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201704001
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707101
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707102
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707103
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707201
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707202
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707203
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707204
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707205
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707206
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707207
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707208
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707209
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707210
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707211
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707212
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707213
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707214
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707215
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707216
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707217
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707218
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707219
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707220
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201707221
Affected
Vmware
Search vendor "Vmware"
Esxi
Search vendor "Vmware" for product "Esxi"
6.5
Search vendor "Vmware" for product "Esxi" and version "6.5"
650-201710001
Affected