VMware vSphere ESXi (ESXi)
VMware vCenter Server (vCenter)
**Description:**
ESXi contains a command injection vulnerability due to the use of a vulnerable version of busybox that does not sanitize filenames, which may result in the execution of any escape sequence in the shell. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.
Known Attack Vectors:
An attacker may exploit this issue by tricking an ESXi Admin into executing shell commands by providing a malicious file.
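The following is an added example, not part of VMware's advisory: a defensive check that walks a directory tree and reports filenames containing terminal control characters, printing them in escaped form so they never reach the terminal raw. The function names, the set of bytes flagged and the sample filenames are assumptions of this example.

```python
import os
import sys
import tempfile

# Assumption of this example: flag C0 controls (including ESC, 0x1b), DEL,
# and C1 controls (U+0080-U+009F, e.g. the single-character CSI U+009B).
def has_terminal_control(name: bytes) -> bool:
    if any(b < 0x20 or b == 0x7F for b in name):
        return True
    try:
        text = name.decode("utf-8")
    except UnicodeDecodeError:
        # Not valid UTF-8: treat raw 0x80-0x9f bytes as C1 controls.
        return any(0x80 <= b <= 0x9F for b in name)
    return any(0x80 <= ord(ch) <= 0x9F for ch in text)

def render_safe(path: bytes) -> str:
    """Printable form: backslash and every non-printable byte become \\xNN."""
    return "".join(chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}"
                   for b in path)

def scan(root: bytes) -> list:
    """Walk root as bytes (undecodable names survive); return flagged paths."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if has_terminal_control(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)

def demo() -> list:
    """Build a constructed sample tree and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.fsencode(tmp)
        for name in (b"report.txt", b"notes\x1b[2Jv2.txt", b"tab\there.log"):
            open(os.path.join(root, name), "wb").close()
        return [render_safe(os.path.relpath(p, root)) for p in scan(root)]

if __name__ == "__main__":
    # With a directory argument, scan it; otherwise run the constructed demo.
    found = ([render_safe(p) for p in scan(os.fsencode(sys.argv[1]))]
             if len(sys.argv) > 1 else demo())
    for line in found:
        print(line)
    sys.exit(1 if found else 0)  # non-zero exit when anything was flagged
```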
Resolution:
To remediate CVE-2017-16544, update or upgrade to the versions listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
VMware would like to thank Zhouyuan Yang of Fortinet’s FortiGuard Labs for reporting this issue to us.
Response Matrix: