PT-2017-16208 · Vmware · Vmware Esxi+3
Publicado
2017-09-15
·
Atualizado
2022-02-03
·
CVE-2017-4925
CVSS v3.1
5.5
Média
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 6.5 without patch ESXi650-201707101-SG
VMware ESXi versions 6.0 without patch ESXi600-201706101-SG
VMware ESXi versions 5.5 without patch ESXi550-201709101-SG
Workstation versions 12.x before 12.5.3
Fusion versions 8.x before 8.5.4
Description
The issue is a NULL pointer dereference that occurs when handling guest RPC requests. Successful exploitation may allow attackers with normal user privileges to crash their VMs.
Recommendations
For VMware ESXi 6.5, apply patch ESXi650-201707101-SG to resolve the issue.
For VMware ESXi 6.0, apply patch ESXi600-201706101-SG to resolve the issue.
For VMware ESXi 5.5, apply patch ESXi550-201709101-SG to resolve the issue.
For Workstation 12.x, update to version 12.5.3 or later to resolve the issue.
For Fusion 8.x, update to version 8.5.4 or later to resolve the issue.
Correção
NULL Pointer Dereference
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Fusion
Vmware Esxi
Vmware Workstation
Workstation