Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-4952

VMware Xenon 1.x, prior to 1.5.4-CR7_1, 1.5.7_7, 1.5.4-CR6_2, 1.3.7-CR1_2, 1.1.0-CR0-3, 1.1.0-CR3_1,1.4.2-CR4_1, and 1.5.4_8, contains an authentication bypass vulnerability due to insufficient access controls for utility endpoints. Successful exploitation of this issue may result in information disclosure.

Published

2018-05-02T14:29:00.380

Last Modified

2024-11-21T03:26:45.067

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	xenon	≤ 1.5.3	Yes
Application	vmware	xenon	1.1.0	Yes
Application	vmware	xenon	1.1.0	Yes
Application	vmware	xenon	1.3.7	Yes
Application	vmware	xenon	1.4.2	Yes
Application	vmware	xenon	1.5.4	Yes
Application	vmware	xenon	1.5.4	Yes
Application	vmware	xenon	1.5.4	Yes
Application	vmware	xenon	1.5.4	Yes
Application	vmware	xenon	1.5.4	Yes
Application	vmware	xenon	1.5.4	Yes
Application	vmware	xenon	1.5.4	Yes
Application	vmware	xenon	1.5.4	Yes
Application	vmware	xenon	1.5.4_8	Yes
Application	vmware	xenon	1.5.7_7	Yes

References

http://seclists.org/oss-sec/2018/q1/153 Mailing List, Third Party Advisory ([email protected])
http://www.securityfocus.com/bid/103093 Third Party Advisory, VDB Entry ([email protected])
https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1 Patch, Third Party Advisory ([email protected])
https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592 Patch, Third Party Advisory ([email protected])
https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8 Patch, Third Party Advisory ([email protected])
https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713 Patch, Third Party Advisory ([email protected])
https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c Patch, Third Party Advisory ([email protected])
https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75 Patch, Third Party Advisory ([email protected])
https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a Patch, Third Party Advisory ([email protected])
https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977 Patch, Third Party Advisory ([email protected])
https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3 Patch, Third Party Advisory ([email protected])
http://seclists.org/oss-sec/2018/q1/153 Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/103093 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vmware/xenon/commit/055ae13603f0cc3cd7cf59f20ce314bf8db583e1 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vmware/xenon/commit/06b9947cf603ba40fd8b03bfeb2e84528a7ab592 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vmware/xenon/commit/30ae41bccf418d88b52b35a81efb3c1304b798f8 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vmware/xenon/commit/5682ef8d40569afd00fb9a5933e7706bb5b66713 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vmware/xenon/commit/756d893573414eec8635c2aba2345c4dcf10b21c Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vmware/xenon/commit/7a747d82b80cd38d2c11a0d9cdedb71c722a2c75 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vmware/xenon/commit/b1fd306047ecdac82661d636ebee801a7f2b3a0a Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vmware/xenon/commit/c23964eb57e846126daef98ef7ed15400313e977 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vmware/xenon/commit/ec30db9afada9cb52852082ce4d7d0095524f3b3 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)