CVE-2017-4918

CWE-77Command Injection3 documents3 sources
Severity
9.8CRITICAL
EPSS
3.0%
top 13.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware Horizon View Client FOR MACVmware Horizon View
Timeline
PublishedJun 8
Latest updateMay 17

Description

VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5vmware/horizon_view_client_for_mac2.x, 3.x, 4.x prior to 4.5.0+2
NVDvmware/horizon_view14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-qr5w-hhfh-gp9g: VMware Horizon View Client (22022-05-17
CVEList
CVE-2017-4918: VMware Horizon View Client (22017-06-08
CVE-2017-4918 (CRITICAL CVSS 9.8) | VMware Horizon View Client (2.x | cvebase.io