Vulnerabilities > CVE-2017-4946 - Incorrect Authorization vulnerability in VMWare products
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating their privileges to SYSTEM.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id VMWARE_VREALIZE_OPERATIONS_HORIZON_DESKTOP_AGENT_VMSA_2018_0003.NASL description The remote VVMware vRealize Operations for Horizon Desktop Agent (V4H) 6.x host is affected by a privilege escalation vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 105789 published 2018-01-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105789 title VMware vRealize Operations for Horizon Desktop Agent 6.x < 6.5.1 Privilege Escalation Vulnerability (VMSA-2018-0003) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(105789); script_version("1.6"); script_cvs_date("Date: 2019/11/08"); script_cve_id("CVE-2017-4946"); script_bugtraq_id(102441); script_xref(name:"VMSA", value:"2018-0003"); script_xref(name:"IAVB", value:"2018-B-0011"); script_name(english:"VMware vRealize Operations for Horizon Desktop Agent 6.x < 6.5.1 Privilege Escalation Vulnerability (VMSA-2018-0003)"); script_summary(english:"Checks the VMware VRealize Operations for Horizon Desktop version."); script_set_attribute(attribute:"synopsis", value: "The remote host is affected by a privilege escalation vulnerability."); script_set_attribute(attribute:"description", value: "The remote VVMware vRealize Operations for Horizon Desktop Agent (V4H) 6.x host is affected by a privilege escalation vulnerability."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2018-0003.html"); script_set_attribute(attribute:"see_also", value:"https://kb.vmware.com/s/article/52195"); script_set_attribute(attribute:"solution", value: "Upgrade to vRealize Operations for Horizon Desktop Agent version 6.5.1 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-4946"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/01/04"); script_set_attribute(attribute:"patch_publication_date", value:"2018/01/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/01/13"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:vrealize_operations_horizon_desktop_agent"); script_set_attribute(attribute:"stig_severity", value:"I"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_vrealize_operations_horizon_desktop_agent_installed.nbin"); script_require_ports("installed_sw/VMware vRealize Operations for Horizon Desktop Agent"); exit(0); } include("vcf.inc"); app_name = 'VMware vRealize Operations for Horizon Desktop Agent'; get_kb_item_or_exit("SMB/Registry/Enumerated"); app_info = vcf::get_app_info(app:app_name, win_local:TRUE); constraints = [{ "min_version" : "6", "fixed_version" : "6.5.1" }]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
NASL family Windows NASL id VMWARE_VREALIZE_OPERATIONS_PUBLISHED_APPLICATIONS_DESKTOP_AGENT_VMSA_2018_0003.NASL description The remote VVMware vRealize Operations for Publsihed Applications Desktop Agent (V4PA) 6.x host is affected by a privilege escalation vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 105790 published 2018-01-13 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/105790 title VMware vRealize Operations for Published Applications Desktop Agent 6.x < 6.5.1 Privilege Escalation Vulnerability (VMSA-2018-0003)
References
- http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/
- http://gosecure.net/2018/01/10/vmware-horizon-v4h-v4pa-desktop-agent-privilege-escalation-vulnerability-cve-2017-4946/
- http://www.securityfocus.com/bid/102441
- http://www.securityfocus.com/bid/102441
- http://www.securitytracker.com/id/1040136
- http://www.securitytracker.com/id/1040136
- https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html