PT-2017-16208 · Vmware · Vmware Esxi+3
Published: 2017-09-15 · Updated: 2022-02-03 · CVE-2017-4925
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 6.5 without patch ESXi650-201707101-SG
VMware ESXi versions 6.0 without patch ESXi600-201706101-SG
VMware ESXi versions 5.5 without patch ESXi550-201709101-SG
Workstation versions 12.x before 12.5.3
Fusion versions 8.x before 8.5.4
Description
The issue is a NULL pointer dereference that occurs when handling guest RPC requests. Successful exploitation may allow attackers with normal user privileges to crash their VMs.
Recommendations
For VMware ESXi 6.5, apply patch ESXi650-201707101-SG to resolve the issue.
For VMware ESXi 6.0, apply patch ESXi600-201706101-SG to resolve the issue.
For VMware ESXi 5.5, apply patch ESXi550-201709101-SG to resolve the issue.
For Workstation 12.x, update to version 12.5.3 or later to resolve the issue.
For Fusion 8.x, update to version 8.5.4 or later to resolve the issue.
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Fusion
Vmware Esxi
Vmware Workstation
Workstation