CVE-2017-4945Vmware Fusion vulnerability

4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 79.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware FusionVmware Workstation
Timeline
PublishedJan 5
Latest updateMay 13

Description

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5vmware/fusion10.x, 8.x+1
NVDvmware/fusion20 versions+19
CVEListV5vmware/workstation12.x, 14.x+1
NVDvmware/workstation16 versions+15

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-8xhx-57h6-9j99: VMware Workstation (142022-05-13
CVEList
CVE-2017-4945: VMware Workstation (142018-01-05

💥Exploits & PoCs

1
Exploit-DB
Ingenious 2.3.0 - Arbitrary File Upload2017-10-30
CVE-2017-4945 — Vmware Fusion vulnerability | cvebase