Vulnerabilities > CVE-2017-4945 - Unspecified vulnerability in VMWare Fusion and Workstation

047910
CVSS 5.5 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
HIGH
Availability impact
NONE
local
low complexity
vmware
nessus

Summary

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.

Nessus

  • NASL familyWindows
    NASL idVMWARE_TOOLS_WIN_VMSA_2018_0003.NASL
    descriptionThe version of VMware Tools installed on the remote Windows host is 10.x prior to 10.2.0. It is, therefore, affected by multiple vulnerabilities including disclosure of memory contents and a DoS. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id105788
    published2018-01-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105788
    titleVMware Tools 10.x < 10.2.0 Multiple Vulnerabilities (VMSA-2018-0003)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105788);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/08");
    
      script_cve_id("CVE-2017-4945");
      script_bugtraq_id(102441);
      script_xref(name:"VMSA", value:"2018-0003");
    
      script_name(english:"VMware Tools 10.x < 10.2.0 Multiple Vulnerabilities (VMSA-2018-0003)");
      script_summary(english:"Checks the VMware Tools version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A virtualization tool suite is installed on the remote Windows host is
    affected by multiple vulnerabilities");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Tools installed on the remote Windows host
    is 10.x prior to 10.2.0. It is, therefore, affected by
    multiple vulnerabilities including disclosure of memory contents and a
    DoS.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2018-0003.html");
      # https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS1020&productId=491
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d54c30a");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMware Tools version 10.2.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-4945");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vmware_tools");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("vmware_tools_installed.nbin", "vmware_vsphere_detect.nbin", "vmware_esxi_detection.nbin");
      script_require_keys("SMB/Registry/Enumerated", "installed_sw/VMware Tools", "Host/ESXi/checked");
    
      exit(0);
    }
    
    include("vcf.inc");
    
    get_kb_item_or_exit("SMB/Registry/Enumerated");
    
    esx = get_kb_item("Host/ESXi");
    if (esx)
      audit(AUDIT_HOST_NOT, "affected");
    
    
    app_info = vcf::get_app_info(app:"VMware Tools", win_local:TRUE);
    
    constraints = [{ "min_version" : "0", "fixed_version" : "10.2.0" }];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOS_VMWARE_TOOLS_VMSA_2018_0003.NASL
    descriptionThe version of VMware Tools installed on the remote MacOS/MacOSX host is prior to 10.2.0. It is, therefore, affected by an unspecified flaw in VMware Tools related to improper guest access control. This allows a proximate attacker to execute programs via Unity mode on locked Windows VMs. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id105786
    published2018-01-13
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/105786
    titleVMware Tools < 10.2.0 Program Execution Vulnerability (VMSA-2018-0003) (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(105786);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/08");
    
      script_cve_id("CVE-2017-4945");
      script_bugtraq_id(102441);
      script_xref(name:"VMSA", value:"2018-0003");
    
      script_name(english:"VMware Tools < 10.2.0 Program Execution Vulnerability (VMSA-2018-0003) (macOS)");
      script_summary(english:"Checks the VMware Tools version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote MacOS / MacOSX host is affected
    by a code execution vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Tools installed on the remote MacOS/MacOSX host
    is prior to 10.2.0. It is, therefore, affected by an unspecified flaw
    in VMware Tools related to improper guest access control. This allows
    a proximate attacker to execute programs via Unity mode on locked
    Windows VMs.
    
    Note that Nessus has not tested for these issues but has instead
    relied only on the application's self-reported version number.");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2018-0003.html");
      # https://my.vmware.com/web/vmware/details?downloadGroup=VMTOOLS1020&productId=491
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7d54c30a");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMwware Tools version 10.2.0 or later.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-4945");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/01/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/13");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vmware_tools");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_vmware_tools_installed.nbin", "vmware_vsphere_detect.nbin");
      script_require_keys("installed_sw/VMware Tools", "Host/MacOSX/Version", "Host/local_checks_enabled");
    
      exit(0);
    }
    
    include("vcf.inc");
    
    get_kb_item_or_exit("Host/MacOSX/Version");
    
    rel   = get_kb_item_or_exit("Host/VMware/release");
    if ("ESX" >!< rel || empty_or_null(rel))
      audit(AUDIT_OS_NOT, "VMware ESX/ESXi");	
    
    app_info = vcf::get_app_info(app:"VMware Tools");
    
    constraints = [{ "min_version" : "0", "fixed_version" : "10.2.0" }];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);