Vulnerability CVE-2017-4933 - CERT Civis.Net

Vulnerability Name:

CVE-2017-4933 (CCN-136593)

Assigned:

2016-12-26

Published:

2017-12-19

Updated:

2022-02-03

Summary:

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session.
Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine's .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.0 Medium (CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2017-4933

Source: CCN
Type: SECTRACK ID: 1040024
VMware ESXi Buffer Overflows in Processing VNC Packets Let Remote Authenticated Users Execute Arbitrary Code and an Input Validation Flaw in the Host Client Lets Remote Users Conduct Cross-Site Scripting Attacks

Source: CCN
Type: SECTRACK ID: 1040025
VMware Workstation and Fusion Buffer Overflows in Processing VNC Packets Let Remote Authenticated Users Execute Arbitrary Code

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1040024

Source: SECTRACK
Type: Third Party Advisory, VDB Entry
1040025

Source: XF
Type: UNKNOWN
vmware-cve20174933-bo(136593)

Source: CCN
Type: Talos Vulnerability Report TALOS-2017-0368
VMware VNC Dynamic Resolution Request Code Execution Vulnerability

Source: CCN
Type: VMware Security Advisory VMSA-2017-0021
VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities

Source: CONFIRM
Type: Issue Tracking, Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2017-0021.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:vmware:workstation_pro:*:*:*:*:*:*:*:* (Version >= 12.0.0 and < 12.5.8)

OR cpe:/a:vmware:workstation_pro:14.0:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation_pro:14.1.0:*:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:-:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*

OR cpe:/o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*

Configuration 2:

cpe:/a:vmware:fusion:*:*:*:*:*:*:*:* (Version >= 8.0.0 and < 8.5.9)

AND

cpe:/o:apple:mac_os_x:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:vmware:esxi:6.5:*:*:*:*:*:*:*

OR cpe:/a:vmware:workstation:12.5.6:*:*:*:*:*:*:*

OR cpe:/a:vmware:fusion:8.5.7:*:*:*:*:*:*:*

Denotes that component is vulnerable