CVE-2017-4945

Опубликовано: 05 янв. 2018

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.

Ссылки

http://www.securityfocus.com/bid/102441
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040109
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040136
Third Party Advisory
VDB Entry
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
Patch
Vendor Advisory
http://www.securityfocus.com/bid/102441
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040109
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040136
Third Party Advisory
VDB Entry
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:12.5.9:*:*:*:*:*:*:*

cpe:2.3:a:vmware:workstation:14.0:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:a:vmware:fusion:8.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.9:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:8.5.10:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:10.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:10.0.1:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:10.1.0:*:*:*:*:*:*:*

cpe:2.3:a:vmware:fusion:10.1.1:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

EPSS

Процентиль: 21%

0.00066

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-8xhx-57h6-9j99