Vulnerability Name: CVE-2017-4904 (CCN-123962) Assigned: 2016-12-26 Published: 2017-03-28 Updated: 2022-02-07 Summary: The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5. CVSS v3 Severity: 8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H 7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): LowUser Interaction (UI): NoneScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-119 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2017-4904 Open Source VMware Fusion Vulnerabilities in IBM Pure Application System (CVE-2017-4903, CVE-2017-4904, CVE-2017-4905) 97165 Multiple VMware Products CVE-2017-4904 Local Memory Corruption Vulnerability 1038148 1038149 VMware ESXi, Workstation and Fusion updates address critical and moderate security issues http://www.vmware.com/security/advisories/VMSA-2017-0006.html vmware-cve20174904-code-exec(123962) (Pwn2Own) VMware Workstation Uninitialized Memory Privilege Escalation Vulnerability Vulnerable Configuration: Configuration 1 :cpe:/a:vmware:fusion:*:*:*:*:*:*:*:* (Version >= 8.0.0 and < 8.5.6)OR cpe:/a:vmware:fusion_pro:*:*:*:*:*:*:*:* (Version >= 8.0.0 and < 8.5.6) AND cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:* Configuration 2 :cpe:/a:vmware:workstation_player:*:*:*:*:*:*:*:* (Version >= 12.0.0 and < 12.5.5)OR cpe:/a:vmware:workstation_pro:*:*:*:*:*:*:*:* (Version >= 12.0.0 and < 12.5.5) OR cpe:/o:vmware:esxi:5.5:-:*:*:*:*:*:* OR cpe:/o:vmware:esxi:5.5:1:*:*:*:*:*:* OR cpe:/o:vmware:esxi:5.5:2:*:*:*:*:*:* OR cpe:/o:vmware:esxi:5.5:3a:*:*:*:*:*:* OR cpe:/o:vmware:esxi:5.5:3b:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.0:-:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.0:1:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.0:1a:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.0:1b:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.0:2:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.0:3:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.0:3a:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.5:-:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:vmware:esxi:5.5:*:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.0:*:*:*:*:*:*:* OR cpe:/o:vmware:esxi:6.5:*:*:*:*:*:*:* AND cpe:/a:ibm:pureapplication_system:2.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.2.3:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.1.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.2.2:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:pureapplication_system:2.2.3.2:*:*:*:*:*:*:* BACK
vmware fusion *
vmware fusion pro *
apple mac os x -
vmware workstation player *
vmware workstation pro *
vmware esxi 5.5 -
vmware esxi 5.5 1
vmware esxi 5.5 2
vmware esxi 5.5 3a
vmware esxi 5.5 3b
vmware esxi 6.0 -
vmware esxi 6.0 1
vmware esxi 6.0 1a
vmware esxi 6.0 1b
vmware esxi 6.0 2
vmware esxi 6.0 3
vmware esxi 6.0 3a
vmware esxi 6.5 -
vmware esxi 5.5
vmware esxi 6.0
vmware esxi 6.5
ibm pureapplication system 2.1.0.0
ibm pureapplication system 2.1.0.1
ibm pureapplication system 2.1.0.2
ibm pureapplication system 2.1.1.0
ibm pureapplication system 2.1.2.0
ibm pureapplication system 2.1.2.1
ibm pureapplication system 2.2.0.0
ibm pureapplication system 2.2.1.0
ibm pureapplication system 2.1.2.3
ibm pureapplication system 2.2.2.0
ibm pureapplication system 2.2.2.1
ibm pureapplication system 2.1.2.4
ibm pureapplication system 2.2.2.2
ibm pureapplication system 2.2.3.0
ibm pureapplication system 2.2.3.1
ibm pureapplication system 2.2.3.2
Denotes that component is vulnerable