CVE-2017-4933
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
VMware ESXi (6.5 anteriores a ESXi650-201710401-BG), Workstation (12.x anteriores a la 12.5.8) y Fusion (8.x anteriores a la 8.5.9) contienen una vulnerabilidad que podría permitir que una sesión VNC autenticada provoque un desbordamiento de memoria dinámica (heap) mediante una serie específica de paquetes VNC, resultando en una corrupción de memoria dinámica. La explotación exitosa de esta vulnerabilidad podría resultar en la ejecución remota de código en una máquina virtual mediante la sesión VNC autenticada. Nota: Para que sea posible la explotación en ESXi, VNC debe estar habilitado manualmente en un archivo de configuración .vmx de la máquina virtual. Además, ESXi se debe configurar para permitir el tráfico VNC a través del firewall incorporado.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-12-26 CVE Reserved
- 2017-12-20 CVE Published
- 2024-02-14 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securitytracker.com/id/1040024 | Third Party Advisory | |
http://www.securitytracker.com/id/1040025 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2017-0021.html | 2022-02-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | >= 8.0.0 < 8.5.9 Search vendor "Vmware" for product "Fusion" and version " >= 8.0.0 < 8.5.9" | - |
Affected
| in | Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | - | - |
Safe
|
Vmware Search vendor "Vmware" | Workstation Pro Search vendor "Vmware" for product "Workstation Pro" | >= 12.0.0 < 12.5.8 Search vendor "Vmware" for product "Workstation Pro" and version " >= 12.0.0 < 12.5.8" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Workstation Pro Search vendor "Vmware" for product "Workstation Pro" | 14.0 Search vendor "Vmware" for product "Workstation Pro" and version "14.0" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Workstation Pro Search vendor "Vmware" for product "Workstation Pro" | 14.1.0 Search vendor "Vmware" for product "Workstation Pro" and version "14.1.0" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201701001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201703001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201703002 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201704001 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707101 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707102 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707103 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707201 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707202 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707203 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707204 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707205 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707206 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707207 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707208 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707209 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707210 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707211 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707212 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707213 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707214 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707215 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707216 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707217 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707218 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707219 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707220 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201707221 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.5 Search vendor "Vmware" for product "Esxi" and version "6.5" | 650-201710001 |
Affected
|