CVE-2017-4902 - OpenCVE

VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Fusion Workstation Player Fusion Pro Esxi Workstation Pro
Apple	Mac Os X

Configuration 1 [-]

OR	cpe:2.3:a:vmware:workstation_player::::::::
	cpe:2.3:a:vmware:workstation_pro::::::::
	cpe:2.3:o:vmware:esxi:5.5:-::::::
	cpe:2.3:o:vmware:esxi:5.5:1::::::
	cpe:2.3:o:vmware:esxi:5.5:2::::::
	cpe:2.3:o:vmware:esxi:5.5:3a::::::
	cpe:2.3:o:vmware:esxi:5.5:3b::::::
	cpe:2.3:o:vmware:esxi:6.5:-::::::
	cpe:2.3:o:vmware:esxi:6.5:650-201701001::::::
	cpe:2.3:o:vmware:esxi:6.5:650-201703001::::::
	cpe:2.3:o:vmware:esxi:6.5:650-201703002::::::

Configuration 2 [-]

AND

OR	cpe:2.3:a:vmware:fusion::::::::
	cpe:2.3:a:vmware:fusion_pro::::::::

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/97163	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038148	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1038149	Third Party Advisory VDB Entry
http://www.vmware.com/security/advisories/VMSA-2017-0006.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2017-06-07T18:00:00

Updated: 2017-07-11T09:57:01

Reserved: 2016-12-26T00:00:00

Link: CVE-2017-4902

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-06-07T18:29:00.317

Modified: 2022-02-03T19:03:05.937

Link: CVE-2017-4902

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "ESXi", "vendor": "VMware", "versions": [{"status": "affected", "version": "6.5 without patch ESXi650-201703410-SG"}, {"status": "affected", "version": "5.5 without patch ESXi550-201703401-SG"}]}, {"product": "Workstation Pro / Player", "vendor": "VMware", "versions": [{"status": "affected", "version": "12.x prior to 12.5.5"}]}, {"product": "Fusion Pro / Fusion", "vendor": "VMware", "versions": [{"status": "affected", "version": "8.x prior to 8.5.6"}]}], "datePublic": "2017-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."}], "problemTypes": [{"descriptions": [{"description": "Heap Buffer Overflow", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-11T09:57:01", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"}, {"name": "1038148", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038148"}, {"name": "97163", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/97163"}, {"name": "1038149", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1038149"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2017-4902", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ESXi", "version": {"version_data": [{"version_value": "6.5 without patch ESXi650-201703410-SG"}, {"version_value": "5.5 without patch ESXi550-201703401-SG"}]}}, {"product_name": "Workstation Pro / Player", "version": {"version_data": [{"version_value": "12.x prior to 12.5.5"}]}}, {"product_name": "Fusion Pro / Fusion", "version": {"version_data": [{"version_value": "8.x prior to 8.5.6"}]}}]}, "vendor_name": "VMware"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Heap Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"}, {"name": "1038148", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038148"}, {"name": "97163", "refsource": "BID", "url": "http://www.securityfocus.com/bid/97163"}, {"name": "1038149", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038149"}]}}}}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2017-4902", "datePublished": "2017-06-07T18:00:00", "dateReserved": "2016-12-26T00:00:00", "dateUpdated": "2017-07-11T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "5DB0B91B-F8F6-456F-8FBD-7B98A9ABA95A", "versionEndExcluding": "12.5.5", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "17F1AB0A-CD31-4FE7-AE1F-4C6A111D1C62", "versionEndExcluding": "12.5.5", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:*", "matchCriteriaId": "BB90FDCA-A848-4D4D-8A6F-FD04D702EC85", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:5.5:1:*:*:*:*:*:*", "matchCriteriaId": "4DC223AC-EB3D-48CF-A6CC-D35E00A38394", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:5.5:2:*:*:*:*:*:*", "matchCriteriaId": "75C8E87E-A869-49F8-89F9-DE64A45CDB35", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:5.5:3a:*:*:*:*:*:*", "matchCriteriaId": "E7F8878C-F73D-4549-9607-74880176D2B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:5.5:3b:*:*:*:*:*:*", "matchCriteriaId": "E47D369F-13B2-42B3-BB74-60AAD0954B26", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*", "matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*", "matchCriteriaId": "04FA10C6-2B0D-47C9-8C4E-1BA98C97DC7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*", "matchCriteriaId": "0D2ED442-3F6D-472A-AA98-51D05A65B2E0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*", "matchCriteriaId": "2A71EC72-3389-4EC7-8104-2A78F7B8C0DC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "C05F1671-5010-4BB5-BFA7-217FBB946B59", "versionEndExcluding": "8.5.6", "versionStartIncluding": "8.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "AB3E0004-E6F1-4C0D-9B24-A7F1AF4BCBD8", "versionEndExcluding": "8.5.6", "versionStartIncluding": "8.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have a Heap Buffer Overflow in SVGA. This issue may allow a guest to execute code on the host."}, {"lang": "es", "value": "Wmware ESXi sin el parche ESXi650-201703410-SG y 5.5 sin el parche ESXi550-201703401-SG; Workstation Pro / Player 12.x anterior a 12.5.5 y Fusion Pro /Fusion 8.x anterior a la 8.5.6 tiene un buffer overflow basado en el heap --heap-- en SVGA. Este problema permitir\u00eda a un hu\u00e9sped ejecutar c\u00f3digo en el host."}], "id": "CVE-2017-4902", "lastModified": "2022-02-03T19:03:05.937", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-07T18:29:00.317", "references": [{"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/97163"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038148"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1038149"}, {"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2017-0006.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}