Davoud Teimouri

Virtualization & Datacenter

VMware ESXi, Fusion and Workstation – Security Vulnerabilities

Security Vulnerabilities


Several VMware products are affected by security vulnerabilities. The affected products are:

  • VMware ESXi (ESXi)
  • VMware vCenter Server
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Workstation Pro / Player (Workstation)

Problem Description


Out-of-bounds write vulnerability in SVGA

VMware ESXi, Workstation & Fusion contain an out-of-bounds write vulnerability in the SVGA driver. This issue may allow a guest to execute code on the host. (CVE-2017-4924)

Resolution

| VMware Product | Product Version | Running on | Severity | Replace with or Apply Patch | Mitigation / Workaround |
|---|---|---|---|---|---|
| ESXi | 6.5 | ESXi | Critical | ESXi650-201707101-SG | None |
| ESXi | 6.0 | ESXi | N/A | Not affected | N/A |
| ESXi | 5.5 | ESXi | N/A | Not affected | N/A |
| Workstation | 12.x | Any | Critical | 12.5.7 | None |
| Fusion | 8.x | MacOS X | Critical | 8.5.8 | None |

Guest RPC NULL pointer dereference vulnerability

VMware ESXi, Workstation & Fusion contain a NULL pointer dereference vulnerability. This issue occurs when handling guest RPC requests. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. (CVE-2017-4925)

Resolution

| VMware Product | Product Version | Running on | Severity | Replace with or Apply Patch | Mitigation / Workaround |
|---|---|---|---|---|---|
| ESXi | 6.5 | ESXi | Moderate | ESXi650-201707101-SG | None |
| ESXi | 6.0 | ESXi | Moderate | ESXi600-201706101-SG | None |
| ESXi | 5.5 | ESXi | Moderate | ESXi550-201709101-SG | None |
| Workstation | 12.x | Any | Moderate | 12.5.3 | None |
| Fusion | 8.x | MacOS X | Moderate | 8.5.4 | None |
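
The two resolution tables above give different fix levels per CVE, so a host can be patched for one issue and still exposed to the other. The following triage script is an added example, not part of the original advisory or any VMware tool: the fix data is transcribed from the tables on this page, while the host names, inventory entries and function names are constructed for illustration. It assumes ESXi hosts report their installed patch bulletin IDs and matches them exactly, so a host carrying a later cumulative bulletin is still listed and needs a manual check.

```python
# Added example: fix levels come from this page's tables; inventory is constructed.

# Workstation / Fusion: fixed release per CVE, keyed by (product, major branch).
DESKTOP_FIXES = {
    ("workstation", "12"): {"CVE-2017-4924": "12.5.7", "CVE-2017-4925": "12.5.3"},
    ("fusion", "8"): {"CVE-2017-4924": "8.5.8", "CVE-2017-4925": "8.5.4"},
}
# ESXi: fixes ship as patch bulletins. Branches marked "Not affected" for a CVE
# on this page simply have no entry for that CVE.
ESXI_PATCHES = {
    "6.5": {"CVE-2017-4924": "ESXi650-201707101-SG",
            "CVE-2017-4925": "ESXi650-201707101-SG"},
    "6.0": {"CVE-2017-4925": "ESXi600-201706101-SG"},
    "5.5": {"CVE-2017-4925": "ESXi550-201709101-SG"},
}

def parse(version):
    """'12.5.10' -> (12, 5, 10) so releases compare numerically, not as text."""
    return tuple(int(part) for part in version.split("."))

def outstanding(product, version, bulletins=()):
    """Return {CVE: required fix} for fixes this host still lacks.
    Products or branches not listed on the page yield an empty dict."""
    product = product.lower()
    if product == "esxi":
        branch = ".".join(version.split(".")[:2])
        needed = ESXI_PATCHES.get(branch, {})
        # Exact bulletin match only (assumption): superseding bulletins are
        # not recognised and leave the host flagged for manual review.
        return {cve: b for cve, b in needed.items() if b not in bulletins}
    fixes = DESKTOP_FIXES.get((product, version.split(".")[0]), {})
    return {cve: fix for cve, fix in fixes.items() if parse(version) < parse(fix)}

# Constructed sample inventory: (host, product, version, installed bulletins)
INVENTORY = [
    ("lab-ws01", "Workstation", "12.5.5", ()),
    ("mac-dev02", "Fusion", "8.5.8", ()),
    ("esx-a", "ESXi", "6.5.0", ("ESXi650-201707101-SG",)),
    ("esx-b", "ESXi", "6.0.0", ()),
]

def triage(inventory):
    """Map each host to the fixes it is still missing."""
    return {host: outstanding(p, v, b) for host, p, v, b in inventory}

if __name__ == "__main__":
    for host, gaps in triage(INVENTORY).items():
        print(host, gaps or "no outstanding fixes from this advisory")
```
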

Stored XSS in H5 Client

vCenter Server H5 Client contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious JavaScript, which will be executed when other VC users access the page. (CVE-2017-4926)

Resolution

| VMware Product | Product Version | Running on | Severity | Replace with or Apply Patch | Mitigation / Workaround |
|---|---|---|---|---|---|
| vCenter | 6.5 | Windows | Moderate | 6.5 U1 | None |
| vCenter | 6.0 | Windows | N/A | Not affected | N/A |
| vCenter | 5.5 | Windows | N/A | Not affected | N/A |


Davoud Teimouri is a professional blogger, vExpert 2015-2016-2017, VCA, MCITP. This blog started with simple posts and now has a large following of readers.
