CVE-2017-4905

5.5MEDIUM

Key Information:

Vendor
Vmware
Status
Esxi
Workstation Pro / Player
Fusion Pro / Fusion
Vendor
CVE Published:
7 June 2017

Summary

VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 have uninitialized memory usage. This issue may lead to an information leak.

Affected Version(s)

ESXi 6.5 without patch ESXi650-201703410-SG

ESXi 6.0 U3 without patch ESXi600-201703401-SG

ESXi 6.0 U2 without patch ESXi600-201703403-SG

References

http://www.securityfocus.com/bid/97164
vdb-entryx_refsource_BID
http://www.vmware.com/security/advisories/VMSA-2017-0006....
x_refsource_CONFIRM
http://www.securitytracker.com/id/1038148
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.