CVE-2017-4947
published 2018-01-29CVE-2017-4947: VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful…
PriorityP259critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EPSS
8.75%
94.5th percentile
VMware vRealize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | vmware_vrealize | — | — |
| vmware | vmware_vsphere | — | — |
| vmware | vrealize_automation | — | — |
| vmware | vrealize_automation | — | — |
| vmware | vrealize_automation | — | — |
| vmware | vsphere_integrated_containers | < 1.3.0 | 1.3.0 |
| vmware | vsphere_integrated_containers | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerability is a deserialization flaw in the Xenon component of vRealize Automation and vSphere Integrated Containers; monitor for anomalous deserialization-related traffic or payloads targeting the Xenon service endpoint on affected appliances. ↗
- →Affected versions are vRealize Automation 7.2 and 7.3 running on Linux; detection should focus on these specific versions as 7.0.x, 7.1.x, and 6.x are not affected. ↗
- →vSphere Integrated Containers 1.x (before 1.3) is also affected; monitor VIC 1.x appliances for exploitation attempts via the Xenon deserialization vector. ↗
- ·No mitigation or workaround is available for CVE-2017-4947; patching is the only remediation path for all affected products. ↗
- ·vRA versions 6.x, 7.0.x, and 7.1.x are explicitly not affected by CVE-2017-4947; ensure detection rules scope to 7.2 and 7.3 only to avoid false positives. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-7h28-vxhx-xhw6: VMware Realize Automation (7
ghsa_unreviewed·2022-05-14
CVE-2017-4947 [CRITICAL] CWE-502 GHSA-7h28-vxhx-xhw6: VMware Realize Automation (7
VMware Realize Automation (7.3 and 7.2) and vSphere Integrated Containers (1.x before 1.3) contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance.
VMware
vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities
vendor_vmware·2018-01-26·CVSS 9.8
CVE-2017-4947 [CRITICAL] vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities
VMSA-2018-0006: vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities
vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities 2. Relevant Products vRealize Automation (vRA) vSphere Integrated Containers (VIC) VMware AirWatch Console (AWC) 3. Problem Description a. vRealize Automation and vSphere Integrated Containers deserialization vulnerability via Xenon vRealize Automation and vSphere Integrated Containers contain a deserialization vulnerability via Xenon. Successful exploitation of this issue may allow remote attackers to execute arbitrary code on the appliance. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifi
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/102852http://www.securitytracker.com/id/1040289http://www.securitytracker.com/id/1040290https://www.vmware.com/security/advisories/VMSA-2018-0006.htmlhttp://www.securityfocus.com/bid/102852http://www.securitytracker.com/id/1040289http://www.securitytracker.com/id/1040290https://www.vmware.com/security/advisories/VMSA-2018-0006.html
2018-01-29
Published