FKIE_CVE-2017-4945

Vulnerability from fkie_nvd - Published: 2018-01-05 14:29 - Updated: 2024-11-21 03:26
Severity ?
5.5 (Medium) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.
References
security@vmware.comhttp://www.securityfocus.com/bid/102441Third Party Advisory, VDB Entry
security@vmware.comhttp://www.securitytracker.com/id/1040109Third Party Advisory, VDB Entry
security@vmware.comhttp://www.securitytracker.com/id/1040136Third Party Advisory, VDB Entry
security@vmware.comhttps://www.vmware.com/us/security/advisories/VMSA-2018-0003.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102441Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040109Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040136Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.vmware.com/us/security/advisories/VMSA-2018-0003.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
vmware workstation 12.0.0
vmware workstation 12.0.1
vmware workstation 12.1
vmware workstation 12.1.1
vmware workstation 12.5
vmware workstation 12.5.0
vmware workstation 12.5.1
vmware workstation 12.5.2
vmware workstation 12.5.3
vmware workstation 12.5.4
vmware workstation 12.5.5
vmware workstation 12.5.6
vmware workstation 12.5.7
vmware workstation 12.5.8
vmware workstation 12.5.9
vmware workstation 14.0
vmware fusion 8.0
vmware fusion 8.0.1
vmware fusion 8.0.2
vmware fusion 8.1
vmware fusion 8.1.1
vmware fusion 8.5
vmware fusion 8.5.1
vmware fusion 8.5.2
vmware fusion 8.5.3
vmware fusion 8.5.4
vmware fusion 8.5.5
vmware fusion 8.5.6
vmware fusion 8.5.7
vmware fusion 8.5.8
vmware fusion 8.5.9
vmware fusion 8.5.10
vmware fusion 10.0
vmware fusion 10.0.1
vmware fusion 10.1.0
vmware fusion 10.1.1
apple mac_os_x -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C4C2CB0-9A2B-46B2-9E75-2BADAE722BB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D38FB28D-8A42-4877-92AF-39EE04B14DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "180E48AF-AD42-4A00-948A-9C1D70BE53F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C64A90-90A2-450A-8A79-AB69B5A939DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE6B9B4F-53C5-4B47-89C4-AD221DC91D44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42EF613B-3436-4951-8F4D-9F22144E06CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E293B67-98C3-4D8E-883C-2F2F774AE6F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB307F39-3A90-4B62-B2BF-0E0CEBBBBC9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "838C7C08-15ED-4379-8A5B-9419D13AE7FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C064187-0870-4672-9D64-92D643FA9C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "60F08698-0194-4892-9A46-93C53C0C660B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "287275D4-E311-4A1B-BC5C-2FB3A64691E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED552760-4DB1-4E56-B6C1-23E053858055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6A4B5F2-7123-40C5-BBB7-D3EA3EA3B204",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:12.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D95044-581B-4634-8A5A-D6167AE4E2A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BB96DAF-5A43-4437-81BF-B47067336505",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "61B23099-25EB-44B6-A62B-2E46CD151994",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "20453B9E-D3AD-403F-B1A5-FB3300FBB0C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6759F732-8E65-49F7-B46C-B1E3F856B11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A55F26BA-4AFA-419A-BB0E-5C369F58F126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91C182F-A8D2-4ABF-B202-261056EF93D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B34B944F-073D-4B52-8B92-0620603885DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0C5D443-A330-40DF-939B-10597147CE7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "42BF8A2A-295D-44D6-A38E-D4C35437F380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC08D3D5-5D46-45C7-BD43-81E1D18FAB31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "574DB25B-51E1-466A-8089-5108DB5D6FBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BF7F09F-D8B3-40AF-9111-E7C14832C5A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "555DD10F-7EA8-4107-A31F-2C7CED41058D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EE4888B-156C-48BC-8035-3A0424CB6037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D4DA202-3D18-4DDC-89E4-81FFF68EDFD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B9D03A0-1256-4394-81F2-31352B7C92D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:8.5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6340A55-C86E-4DB3-B36E-2C5E9F74508C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3A7D240-B003-4A48-95DA-F201EB3658D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:10.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E86224-4DF3-403D-9183-1435E0A018E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:10.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB49D1C-F166-4B8F-8EDF-0D1211119C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:fusion:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "033109C6-28E8-44EE-AEDD-C3A2EDEA77D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4781BF1E-8A4E-4AFF-9540-23D523EE30DD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default."
    },
    {
      "lang": "es",
      "value": "VMware Workstation (14.x y 12.x) y Fusion (10.x y 8.x) contienen una vulnerabilidad de control de acceso invitado. Este problema podr\u00eda permitir la ejecuci\u00f3n de programas a trav\u00e9s de Unity en m\u00e1quinas virtuales de Windows bloqueadas. Se tiene que actualizar VMware Tools a la versi\u00f3n 10.2.0 para cada m\u00e1quina virtual para resolver CVE-2017-4945. La versi\u00f3n 10.2.0 de VMware Tools viene por defecto en Workstation 14.1.0 y Fusion 10.1.0."
    }
  ],
  "id": "CVE-2017-4945",
  "lastModified": "2024-11-21T03:26:44.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-05T14:29:10.467",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102441"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040109"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040136"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.