Insufficient Data Validation in VMware Horizon DaaS Affects Users' Drives and Devices
CVE-2017-4897

5.5 MEDIUM

Key Information:

Vendor: VMware
CVE Published: 31 May 2017

Summary

VMware Horizon DaaS prior to version 7.0.0 does not adequately validate user data. An attacker can exploit this by deceiving a user into connecting to a malicious server. The victim clicks a harmful link and unwittingly downloads a specially crafted RDP file; once the client connects, the attacker can gain access to the user's drives and devices. The attack relies on user interaction, and it poses a significant risk to unsuspecting individuals who use the DaaS client.
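A defensive check for the scenario above, as an added example that is not VMware's code and not part of the original advisory: it audits a downloaded .rdp file for an unexpected server and for local-resource redirection before the file is opened. The advisory does not say which settings the crafted file used; the setting names below are standard RDP file properties, while the allow-list, host names and sample file are constructed assumptions.

```python
import re

# Standard .rdp properties that expose local resources to the remote server.
STR_REDIRECTS = ("devicestoredirect", "drivestoredirect", "usbdevicestoredirect")
INT_REDIRECTS = ("redirectclipboard", "redirectcomports",
                 "redirectprinters", "redirectsmartcards")

# .rdp lines have the form  name:type:value  with type i, s or b.
LINE_RE = re.compile(r"^\s*([^:]+?):([isb]):(.*)$", re.IGNORECASE)

def parse_rdp(text):
    """Return {setting: value}; a later duplicate overrides an earlier one."""
    settings = {}
    for line in text.lstrip("\ufeff").splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).strip().lower()] = m.group(3).strip()
    return settings

def audit_rdp(text, allowed_hosts):
    """Return a list of findings; an empty list means nothing was flagged.

    Only explicit settings are checked. Client defaults for settings that
    are absent from the file are not modelled here.
    """
    s = parse_rdp(text)
    findings = []
    host = s.get("full address", "")
    hostname = re.sub(r":\d+$", "", host).lower()  # drop an optional :port
    if hostname not in allowed_hosts:
        findings.append(f"server '{host}' is not on the allow-list")
    for name in STR_REDIRECTS:
        if s.get(name, ""):
            findings.append(f"{name} requests '{s[name]}'")
    for name in INT_REDIRECTS:
        if s.get(name, "0") not in ("", "0"):
            findings.append(f"{name} is enabled")
    return findings

# Constructed sample: unknown server that asks for all drives and devices.
SAMPLE = """full address:s:rdp.untrusted.example:3389
drivestoredirect:s:*
devicestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:0
"""

if __name__ == "__main__":
    for finding in audit_rdp(SAMPLE, {"desktop.corp.example"}):
        print("FLAG:", finding)
```
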

Affected Version(s)

Horizon DaaS prior to 7.0.0

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
