CVE-2017-16544
HIGHVMware ESXi - Remote Code Execution via BusyBox Tab Autocomplete
Title source: llmDescription
In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks.
References (20)
Core 20
Core References
Third Party Advisory x_refsource_misc
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
Patch, Vendor Advisory x_refsource_misc
https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/3935-1/
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Jun/18
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Jun/14
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2019/Sep/7
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_bugtraq
https://seclists.org/bugtraq/2019/Sep/7
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154361/Cisco-Device-Hardcoded-Credentials-GNU-glibc-BusyBox.html
Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2019-0013.html
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/154536/VMware-Security-Advisory-2019-0013.html
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Mar/15
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Aug/20
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2020/Sep/6
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Jan/39
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Aug/21
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2022/Jun/36
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/167552/Nexans-FTTO-GigaSwitch-Outdated-Components-Hardcoded-Backdoor.html
Scores
CVSS v3
8.8
EPSS
0.0331
EPSS Percentile
87.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (8)
busybox/busybox
< 1.27.2
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
16.04
debian/debian_linux
8.0
debian/debian_linux
9.0
redlion/n-tron_702-w_firmware
redlion/n-tron_702m12-w_firmware
vmware/esxi
6.0 (43 CPE variants)
Published
Nov 20, 2017
Tracked Since
Feb 18, 2026