Multiple vulnerabilities in VmWare products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2017-4948 CVE-2017-4945 CVE-2017-4946 |
| CWE-ID | CWE-125 CWE-264 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
VMware Horizon Server applications / Virtualization software VMware Workstation Client/Desktop applications / Virtualization software VMware Fusion Client/Desktop applications / Virtualization software VMware vRealize Operations for Published Applications Server applications / Remote management servers, RDP, SSH Other |
| Vendor |
VMware, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU9928
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-4948
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to obtain potentially sensitive information or cause DoS condition on the target system.
The weakness exists due to an out-of-bounds memory read error in Cortado ThinPrint ('TPView.dll'). An adjacent attacker can read arbitrary data on the host system or cause the View desktop system to crash.
Update VMware Horizon View to version 4.7.0.
Update VMware Workstation to version 14.1.
VMware Horizon: 4.0 - 4.6.1
VMware Workstation: 12.0.0 - 12.5.8
CPE2.3- cpe:2.3:a:vmware:vmware_horizon:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_horizon:4.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_horizon:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:12.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:12.1.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2018-0003.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security restrictions bypass
EUVDB-ID: #VU9929
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-4945
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to gain unauthorized access to the target system.
The weakness exists due to insufficient security restrictions. An adjacent attacker can bypass certain security restrictions and gain access to a guest system that may result in further attacks.
Install update from vendor's website.
VMware Fusion: 8.0 - 10.0
VMware Workstation: 12.0.0 - 14.0
CPE2.3- cpe:2.3:a:vmware:vmware_fusion:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:8.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:8.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:12.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:12.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:12.1.1:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2018-0003.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Privilege escalation
EUVDB-ID: #VU9930
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-4946
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to an unspecified condition in the vRealize Operations for Horizon and the vRealize Operations for Published Applications desktop agents. A local attacker can gain system privileges and perform further attacks.
Update to version 4.5.1.
VMware vRealize Operations for Published Applications: 6.0.0 - 6.5.0
: 6.0.0 - 6.5.0
:
CPE2.3- cpe:2.3:a:vmware:vmware_vrealize_operations_for_published_applications:6.0.0:*:*:*:*:vmware_horizon:*:*
- cpe:2.3:a:vmware:vmware_vrealize_operations_for_published_applications:6.1.0:*:*:*:*:vmware_horizon:*:*
- cpe:2.3:a:vmware:vmware_vrealize_operations_for_published_applications:6.1.2:*:*:*:*:vmware_horizon:*:*
- cpe:2.3::::6.0.0:*:*:*:*:*:*:*
- cpe:2.3::::6.1.2:*:*:*:*:*:*:*
- cpe:2.3::::6.2.0:*:*:*:*:*:*:*
- cpe:2.3:::::*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2018-0003.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
