Skip to main content

Vcenter Server CVE-2017-4943

HIGH
Out-of-bounds Write (CWE-787)
2017-12-20 security@vmware.com
7.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 20, 2017 - 15:29 cve.org
HIGH 7.8

DescriptionCVE.org

VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.

AnalysisAI

VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. Affected products include: Vmware Vcenter Server. Version information: before 6.5.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2015-2342 CRITICAL POC
10.0 Oct 12

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not r

CVE-2021-22005 CRITICAL POC
9.8 Sep 23

The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. Rated critical severity (CV

CVE-2021-21985 CRITICAL POC
9.8 May 26

The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual

CVE-2021-21972 CRITICAL POC
9.8 Feb 24

The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. Rated critical sev

CVE-2024-37081 HIGH POC
7.8 Jun 18

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. Rated h

CVE-2021-22015 HIGH POC
7.8 Sep 23

The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper permissions of files and

CVE-2020-3952 CRITICAL POC
9.8 Apr 10

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Servi

CVE-2022-31680 CRITICAL POC
9.1 Oct 07

The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). Rated cri

CVE-2013-1405 CRITICAL
10.0 Feb 15

VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, VMware VirtualCenter 2.5, VMware vSphere Client 4.0

CVE-2016-2078 MEDIUM POC
6.1 Jun 08

Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before upd

CVE-2017-4923 CRITICAL
9.8 Aug 01

VMware vCenter Server (6.5 prior to 6.5 U1) contains an information disclosure vulnerability. Rated critical severity (C

CVE-2024-38813 CRITICAL
9.8 Sep 17

The vCenter Server contains a privilege escalation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability

Share

CVE-2017-4943 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy