CVE-2017-4921 — Improper Privilege Management in Vmware Vcenter Server

3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.8%

top 25.36%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vcenter Server

Timeline

PublishedAug 1

Latest updateMay 13

Description

VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure library loading issue that occurs due to the use of LD_LIBRARY_PATH variable in an unsafe manner. Successful exploitation of this issue may allow unprivileged host users to load a shared library that may lead to privilege escalation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

▶NVDvmware/vcenter_server6.5

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-cvwm-vf9r-8r57: VMware vCenter Server (6↗2022-05-13

▶

CVEList

CVE-2017-4921: VMware vCenter Server (6↗2017-08-01

▶