SB2018011010 - Multiple vulnerabilities in VMware products
Published: January 10, 2018
Security Bulletin ID: SB2018011010
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Adjacent network
Highest impact: Code execution
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2017-4948)
The vulnerability allows an adjacent attacker to obtain potentially sensitive information or cause a DoS condition on the target system. The weakness exists due to an out-of-bounds memory read error in Cortado ThinPrint ('TPView.dll'). An adjacent attacker can read arbitrary data on the host system or cause the View desktop system to crash.
2) Security restrictions bypass (CVE-ID: CVE-2017-4945)
The vulnerability allows an adjacent attacker to gain unauthorized access to the target system. The weakness exists due to insufficient security restrictions. An adjacent attacker can bypass certain security restrictions and gain access to a guest system, which may result in further attacks.
3) Privilege escalation (CVE-ID: CVE-2017-4946)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists due to an unspecified condition in the vRealize Operations for Horizon and the vRealize Operations for Published Applications desktop agents. A local attacker can gain system privileges and perform further attacks.
Remediation
Install the update from the vendor's website.