CVE-2017-4946
HIGH EXPLOITEDVMware V4H & V4PA <6.5.1 - Privilege Escalation
Title source: llmExploitation Summary
CVE-2017-4946 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/102441
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040136
Scores
CVSS v3
7.8
EPSS
0.0035
EPSS Percentile
57.5%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2024-07-25
CWE
CWE-863
Status
published
Products (2)
vmware/vrealize_operations_for_horizon
6.0 - 6.5.1
vmware/vrealize_operations_for_published_applications
6.1.0 - 6.5.1
Published
Jan 05, 2018
Tracked Since
Feb 18, 2026