VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
References
| Link | Resource |
|---|---|
| http://www.securitytracker.com/id/1040024 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1040025 | Third Party Advisory VDB Entry |
| https://www.vmware.com/security/advisories/VMSA-2017-0021.html | Issue Tracking Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
03 Feb 2022, 19:47
| Type | Values Removed | Values Added |
|---|---|---|
| CPE |
27 Jan 2022, 17:32
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : 6.0
v3 : 8.8 |
| First Time |
Apple
Apple mac Os X Vmware workstation |
|
| CPE | cpe:2.3:a:vmware:workstation_pro:14.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.5.3:*:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.1.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.5.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.5.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:14.1.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.5.6:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.5.4:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:10.1.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:* cpe:2.3:a:vmware:workstation_pro:12.5.7:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:* |
cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:* cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:* cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:5.5:550-20170901001s:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:5.5:550-20170904001:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:* cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:* |
Information
Published : 2017-12-20 15:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-4941
Mitre link : CVE-2017-4941
CVE.ORG link : CVE-2017-4941
JSON object : View
Products Affected
vmware
- fusion
- esxi
- workstation
apple
- mac_os_x
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer