1. CVE-Search
  2. CVE-2017-4933
ID CVE-2017-4933
Summary VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:12.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:12.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:14.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation_pro:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation_pro:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*
  • cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*
    cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:macos:*:*
    cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:macos:*:*
    cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:macos:*:*
    cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:macos:*:*
    cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:macos:*:*
    cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:macos:*:*
    cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:macos:*:*
    cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:macos:*:*
    cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:macos:*:*
    cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:macos:*:*
  • cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*
  • cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
    cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
CVSS
Base: 6.0 (as of 03-02-2022 - 19:44)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:P/A:P
refmap via4
confirm https://www.vmware.com/security/advisories/VMSA-2017-0021.html
sectrack
  • 1040024
  • 1040025
Last major update 03-02-2022 - 19:44
Published 20-12-2017 - 15:29
Last modified 03-02-2022 - 19:44
Back to Top