CVE-2017-4919

CWE-306 — Missing Authentication3 documents3 sources

Severity

9.0CRITICAL

EPSS

0.9%

top 24.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vmware Vcenter Server Vmware Vcenter Server

Timeline

PublishedJul 28

Latest updateMay 13

Description

VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:HExploitability: 2.2 | Impact: 6.0

Affected Packages2 packages

▶NVDvmware/vcenter_server5.5, 6.0, 6.5+2

▶CVEListV5vmware/vmware_vcenter_serverVMware vCenter Server 5.5.x, 6.0.x, 6.5.x

🔴Vulnerability Details

GHSA

GHSA-h7jp-76rq-hgj5: VMware vCenter Server 5↗2022-05-13

▶

CVEList

CVE-2017-4919: VMware vCenter Server 5↗2017-07-28

▶