CVE-2017-4925

CWE-476 — NULL Pointer Dereference3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.2%

top 59.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Workstation PRO +1 more

Timeline

PublishedSep 15

Latest updateMay 13

Description

VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without patch ESXi600-201706101-SG, ESXi 5.5 without patch ESXi550-201709101-SG, Workstation (12.x before 12.5.3), Fusion (8.x before 8.5.4) contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5vmware/esxi5.5 without patch ESXi550-201709101-SG, 6.0 without patch ESXi600-201706101-SG, 6.5 without patch ESXi650-201707101-SG+2

▶NVDvmware/esxi5.5, 6.0, 6.5+2

▶NVDvmware/fusion8.0.0 — 8.5.4

▶NVDvmware/workstation12.0.0 — 12.5.3

▶NVDvmware/workstation_pro12.0.0 — 12.5.3

🔴Vulnerability Details

GHSA

GHSA-vm9p-h4v4-cfq7: VMware ESXi 6↗2022-05-13

▶

CVEList

CVE-2017-4925: VMware ESXi 6↗2017-09-15

▶