CVE-2017-4919

EUVD-2017-14036
VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, limited vSphere privileges to use the VIX API to access Guest Operating Systems without the need to authenticate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 CRITICAL
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
vmwarevcenter_server
5.5
vmwarevcenter_server
6.0
vmwarevcenter_server
6.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/100102
http://www.securitytracker.com/id/1039004
http://www.vmware.com/security/advisories/VMSA-2017-0012.html
http://www.securityfocus.com/bid/100102
http://www.securitytracker.com/id/1039004
http://www.vmware.com/security/advisories/VMSA-2017-0012.html