CVE-2017-4907

9.8CRITICAL

Key Information:

Vendor: Vmware
Status: Unified Access Gateway; Horizon View
Vendor: CVE Published:; 8 June 2017

Summary

VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.

Affected Version(s)

Horizon View 7.x prior to 7.1.0

Horizon View 6.x prior to 6.2.4

Unified Access Gateway 2.5.x

References

http://www.securitytracker.com/id/1038281

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/97914

vdb-entryx_refsource_BID

http://www.vmware.com/security/advisories/VMSA-2017-0008....

x_refsource_CONFIRM

EPSS Score

3% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 8, 2017
Vulnerability Reserved
Dec 26, 2016