Heap Buffer-Overflow Vulnerability in VMware Unified Access Gateway and Horizon View
CVE-2017-4907

9.8CRITICAL

Key Information:

Vendor: Vmware
Status: Unified Access Gateway; Horizon View
Vendor: CVE Published:; 8 June 2017

What is CVE-2017-4907?

VMware Unified Access Gateway and Horizon View present a vulnerability due to a heap buffer-overflow that could enable a remote attacker to execute arbitrary code on the security gateway. This risk affects several versions of both products, necessitating timely updates to mitigate potential exploitation.

Affected Version(s)

Horizon View 7.x prior to 7.1.0

Horizon View 6.x prior to 6.2.4

Unified Access Gateway 2.5.x

References

http://www.securitytracker.com/id/1038281

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/97914

vdb-entryx_refsource_BID

http://www.vmware.com/security/advisories/VMSA-2017-0008....

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 8, 2017
Vulnerability Reserved
Dec 26, 2016

Vmware

What is CVE-2017-4907?

Affected Version(s)

References

CVSS V3.1

Timeline