CVE-2017-4946

Опубликовано: 05 янв. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.

Ссылки

http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/
http://www.securityfocus.com/bid/102441
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040136
Third Party Advisory
VDB Entry
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
Patch
Vendor Advisory
http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/
http://www.securityfocus.com/bid/102441
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040136
Third Party Advisory
VDB Entry
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vmware:vrealize_operations_for_horizon:*:*:*:*:*:*:*:*

Версия от 6.0 (включая) до 6.5.1 (исключая)

cpe:2.3:a:vmware:vrealize_operations_for_published_applications:*:*:*:*:*:*:*:*

Версия от 6.1.0 (включая) до 6.5.1 (исключая)

EPSS

Процентиль: 54%

0.00312

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-g7vg-w39c-g2rp