Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveVmwareCVE-2017-4905
HistoryJun 07, 2017 - 6:29 p.m.

CVE-2017-4905

2017-06-0718:29:00
CWE-908
vmware
web.nvd.nist.gov
91
vmware
esxi
vulnerability
uninitialized memory
patch
nvd

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

38.5%

JSON

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.

Affected configurations

Nvd
Node
vmwarefusionRange8.0.08.5.6
OR
vmwarefusion_proRange8.0.08.5.6
AND
applemac_os_xMatch-
Node
vmwareworkstation_playerRange12.0.012.5.5
OR
vmwareworkstation_proRange12.0.012.5.5
OR
vmwareesxiMatch5.5-
OR
vmwareesxiMatch5.51
OR
vmwareesxiMatch5.52
OR
vmwareesxiMatch5.53a
OR
vmwareesxiMatch5.53b
OR
vmwareesxiMatch6.0-
OR
vmwareesxiMatch6.01
OR
vmwareesxiMatch6.01a
OR
vmwareesxiMatch6.01b
OR
vmwareesxiMatch6.02
OR
vmwareesxiMatch6.03
OR
vmwareesxiMatch6.03a
OR
vmwareesxiMatch6.5-

CNA Affected

[
  {
    "product": "ESXi",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "6.5 without patch ESXi650-201703410-SG"
      },
      {
        "status": "affected",
        "version": "6.0 U3 without patch ESXi600-201703401-SG"
      },
      {
        "status": "affected",
        "version": "6.0 U2 without patch ESXi600-201703403-SG"
      },
      {
        "status": "affected",
        "version": "6.0 U1 without patch ESXi600-201703402-SG"
      },
      {
        "status": "affected",
        "version": "5.5 without patch ESXi550-201703401-SG"
      }
    ]
  },
  {
    "product": "Workstation Pro / Player",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "12.x prior to 12.5.5"
      }
    ]
  },
  {
    "product": "Fusion Pro / Fusion",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "8.x prior to 8.5.6"
      }
    ]
  }
]

Related

cvelist 1
nvd 1
zdi 1
prion 1
zdt 1
nessus 7
exploitpack 1
exploitdb 1
openvas 5
vmware 1
threatpost 1
ibm 1
cvelist
cvelist
CVE-2017-4905
2017-06-07 18:00:00
nvd
nvd
CVE-2017-4905
2017-06-07 18:29:00
zdi
zdi
(Pwn2Own) VMware Workstation Uninitialized Memory Information Disclosure Vulnerability
2017-03-30 00:00:00
prion
prion
Memory corruption
2017-06-07 18:29:00
zdt
zdt
VMware WorkStation 12.5.3 - Virtual Machine Escape Exploit
2019-11-25 00:00:00
nessus
nessus
ESXi 5.5 < Build 5230635 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)
2017-03-31 00:00:00
ESXi 6.5 < Build 5224529 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)
2017-03-31 00:00:00
ESXi 6.0 U1 < Build 5251621 / 6.0 U2 < Build 5251623 / 6.0 U3 < Build 5224934 Multiple Vulnerabilities (VMSA-2017-0006) (remote check)
2017-03-31 00:00:00
exploitpack
exploitpack
VMware WorkStation 12.5.3 - Virtual Machine Escape
2019-06-06 00:00:00
exploitdb
exploitdb
VMware WorkStation 12.5.3 - Virtual Machine Escape
2019-06-06 00:00:00
openvas
openvas
VMware Workstation Code Execution And Information Disclosure Vulnerabilities - Linux
2017-07-03 00:00:00
VMware Fusion Code Execution And Information Disclosure Vulnerabilities - Mac OS X
2017-07-03 00:00:00
VMware ESXi updates address critical and moderate security issues (VMSA-2017-0006)
2017-03-31 00:00:00
vmware
vmware
VMware ESXi, Workstation and Fusion updates address critical and moderate security issues
2017-03-28 00:00:00
threatpost
threatpost
VMware Patches Pwn2Own VM Escape Vulnerabilities
2017-03-29 12:00:04
ibm
ibm
Security Bulletin: Open Source VMware Fusion Vulnerabilities in IBM Pure Application System (CVE-2017-4903, CVE-2017-4904, CVE-2017-4905)
2019-06-25 19:40:02

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.5

Confidence

High

EPSS

0.001

Percentile

38.5%

JSON
Related for CVE-2017-4905
cvelist1nvd1zdi1prion1zdt1nessus7exploitpack1exploitdb1openvas5vmware1threatpost1ibm1