CVE-2017-4945
Last modified
CVE-2017-4945 is a vulnerability of currently unknown severity. VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. EPSS estimates a 0.43% chance of exploitation in the next 30 days.
Description
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Workstation | 12.0.0 |
| Vmware | Workstation | 12.0.1 |
| Vmware | Workstation | 12.1 |
| Vmware | Workstation | 12.1.1 |
| Vmware | Workstation | 12.5 |
| Vmware | Workstation | 12.5.0 |
| Vmware | Workstation | 12.5.1 |
| Vmware | Workstation | 12.5.2 |
| Vmware | Workstation | 12.5.3 |
| Vmware | Workstation | 12.5.4 |
| Vmware | Workstation | 12.5.5 |
| Vmware | Workstation | 12.5.6 |
| Vmware | Workstation | 12.5.7 |
| Vmware | Workstation | 12.5.8 |
| Vmware | Workstation | 12.5.9 |
| Vmware | Workstation | 14.0 |
| Vmware | Fusion | 8.0 |
| Vmware | Fusion | 8.0.1 |
| Vmware | Fusion | 8.0.2 |
| Vmware | Fusion | 8.1 |
| Vmware | Fusion | 8.1.1 |
| Vmware | Fusion | 8.5 |
| Vmware | Fusion | 8.5.1 |
| Vmware | Fusion | 8.5.2 |
| Vmware | Fusion | 8.5.3 |
| Vmware | Fusion | 8.5.4 |
| Vmware | Fusion | 8.5.5 |
| Vmware | Fusion | 8.5.6 |
| Vmware | Fusion | 8.5.7 |
| Vmware | Fusion | 8.5.8 |
| Vmware | Fusion | 8.5.9 |
| Vmware | Fusion | 8.5.10 |
| Vmware | Fusion | 10.0 |
| Vmware | Fusion | 10.0.1 |
| Vmware | Fusion | 10.1.0 |
| Vmware | Fusion | 10.1.1 |
References
- http://www.securityfocus.com/bid/102441Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040109Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040136Third Party Advisory, VDB Entry
- https://www.vmware.com/us/security/advisories/VMSA-2018-0003.htmlPatch, Vendor Advisory
- http://www.securityfocus.com/bid/102441Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040109Third Party Advisory, VDB Entry
- http://www.securitytracker.com/id/1040136Third Party Advisory, VDB Entry
- https://www.vmware.com/us/security/advisories/VMSA-2018-0003.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-4945?
How severe is CVE-2017-4945?
How do I fix CVE-2017-4945?
Are you affected by CVE-2017-4945?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST