CVE-2017-4919

CRITICAL

VMware vCenter Server <6.5 - Privilege Escalation

Title source: llm

Description

VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1039004
Mitigation, Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2017-0012.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/100102

Scores

CVSS v3: 9.0
EPSS: 0.0092
EPSS Percentile: 76.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE: CWE-306
Status: published
Products (4):
vmware/vcenter_server 5.5
vmware/vcenter_server 6.0
vmware/vcenter_server 6.5
VMware/VMware vCenter Server VMware vCenter Server 5.5.x, 6.0.x, 6.5.x
Published: Jul 28, 2017
Tracked Since: Feb 18, 2026