CVE-2017-4941

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2017-4941
VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://www.securitytracker.com/id/1040024 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1040025 Third Party Advisory VDB Entry
https://www.vmware.com/security/advisories/VMSA-2017-0021.html Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.5:550-20170901001s:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.5:550-20170904001:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*
History

03 Feb 2022, 19:47

Type Values Removed Values Added
CPE cpe:2.3:o:vmware:esxi:5.5:*:*:*:*:*:*:*

27 Jan 2022, 17:32

Type Values Removed Values Added
CPE cpe:2.3:a:vmware:workstation_pro:12.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:14.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.5.6:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.5.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.1.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:10.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.5.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.5.4:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:14.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.5:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation_pro:12.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*		 cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.5:550-20170901001s:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:5.5:550-20170904001:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*
cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*
CVSS v2 : 6.0
v3 : 7.5 		v2 : 6.0
v3 : 8.8
Information

Published : 2017-12-20 15:29

Updated : 2024-02-04 19:29

NVD link : CVE-2017-4941

Mitre link : CVE-2017-4941

CVE.ORG link : CVE-2017-4941

JSON object : View

Products Affected

apple

  • mac_os_x

vmware

  • esxi
  • workstation
  • fusion
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer