CVE-2017-4934

Опубликовано: 17 нояб. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 7.2

EPSS Низкий

Описание

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.

Ссылки

http://www.securityfocus.com/bid/101903
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039835
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2017-0018.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/101903
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1039835
Third Party Advisory
VDB Entry
https://www.vmware.com/security/advisories/VMSA-2017-0018.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.0005

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-119

Связанные уязвимости

GHSA-q49m-wxhv-w23w

CVSS3: 8.8

github

больше 3 лет назад

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host.

BDU:2018-00065

CVSS3: 8.8

fstec

около 8 лет назад

Уязвимость службы VMware NAT гипервизоров VMware Workstation и Vmware Fusion, позволяющая нарушителю выполнить произвольный код на хостовой операционной системе

EPSS

Процентиль: 16%

0.0005

Низкий

8.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-119