Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-4941

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

Published

2017-12-20T15:29:00.297

Last Modified

2025-04-20T01:37:25.860

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

6.8

Impact Score

6.4

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	fusion	< 8.5.9	Yes
Operating System	apple	mac_os_x	-	No
Application	vmware	workstation	< 12.5.8	Yes
Operating System	vmware	esxi	5.5	Yes
Operating System	vmware	esxi	5.5	Yes
Operating System	vmware	esxi	5.5	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes
Operating System	vmware	esxi	6.0	Yes

References

http://www.securitytracker.com/id/1040024 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040025 Third Party Advisory, VDB Entry ([email protected])
https://www.vmware.com/security/advisories/VMSA-2017-0021.html Issue Tracking, Patch, Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1040024 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040025 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2017-0021.html Issue Tracking, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)