6.5

CVE-2017-4938

VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a guest RPC NULL pointer dereference vulnerability. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMwareWorkstation Version12.0.0
VMwareWorkstation Version12.0.1
VMwareWorkstation Version12.1
VMwareWorkstation Version12.1.1
VMwareWorkstation Version12.5
VMwareWorkstation Version12.5.1
VMwareWorkstation Version12.5.2
VMwareWorkstation Version12.5.3
VMwareWorkstation Version12.5.4
VMwareWorkstation Version12.5.5
VMwareWorkstation Version12.5.6
VMwareWorkstation Version12.5.7
VMwareFusion Version8.0.0
VMwareFusion Version8.0.1
VMwareFusion Version8.0.2
VMwareFusion Version8.1.0
VMwareFusion Version8.1.1
VMwareFusion Version8.5.0
VMwareFusion Version8.5.1
VMwareFusion Version8.5.2
VMwareFusion Version8.5.3
VMwareFusion Version8.5.4
VMwareFusion Version8.5.5
VMwareFusion Version8.5.6
VMwareFusion Version8.5.7
VMwareFusion Version8.5.8
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.108
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2 4
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:N/I:N/A:P
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.securitytracker.com/id/1039835
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/101887
Third Party Advisory
VDB Entry