cbcvebase.
CVE-2017-4946
published 2018-01-05

CVE-2017-4946: The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a…

PriorityP276high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.50%
38.9th percentile
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.

Affected

11 ranges
VendorProductVersion rangeFixed in
vmwarefusion_pro
vmwarevmware_fusion
vmwarevmware_horizon
vmwarevmware_tools
vmwarevmware_workstation
vmwarevrealize_operations_for_horizon
vmwarevrealize_operations_for_horizon>= 6.0 < 6.5.16.5.1
vmwarevrealize_operations_for_published_applications
vmwarevrealize_operations_for_published_applications>= 6.1.0 < 6.5.16.5.1
vmwareworkstation_player
vmwareworkstation_pro

Detection & IOCsextracted from sources · hover to see the quote

  • Privilege escalation vulnerability in V4H and V4PA desktop agents (6.x before 6.5.1) allows a low-privileged Windows user to escalate to SYSTEM
  • CVE-2017-4946 affects V4H and V4PA agents version 6.x running on Windows; monitor for unexpected SYSTEM-level process spawning from low-privileged user sessions on hosts running these agents
  • ·Workaround KB52195 is available for both V4H and V4PA 6.x on Windows as an alternative to patching to 6.5.1
  • ·The V4H agent (6.5.1) is also bundled with Horizon 7.4, meaning Horizon 7.4 deployments may also carry the patched agent

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.