CVE-2017-4945

EUVD-2017-14062
VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be updated to 10.2.0 for each VM to resolve CVE-2017-4945. VMware Tools 10.2.0 is consumed by Workstation 14.1.0 and Fusion 10.1.0 by default.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 20%
Affected Products (NVD)
VendorProductVersion
vmwareworkstation
12.0.0
vmwareworkstation
12.0.1
vmwareworkstation
12.1
vmwareworkstation
12.1.1
vmwareworkstation
12.5
vmwareworkstation
12.5.0
vmwareworkstation
12.5.1
vmwareworkstation
12.5.2
vmwareworkstation
12.5.3
vmwareworkstation
12.5.4
vmwareworkstation
12.5.5
vmwareworkstation
12.5.6
vmwareworkstation
12.5.7
vmwareworkstation
12.5.8
vmwareworkstation
12.5.9
vmwareworkstation
14.0
vmwarefusion
8.0
vmwarefusion
8.0.1
vmwarefusion
8.0.2
vmwarefusion
8.1
vmwarefusion
8.1.1
vmwarefusion
8.5
vmwarefusion
8.5.1
vmwarefusion
8.5.2
vmwarefusion
8.5.3
vmwarefusion
8.5.4
vmwarefusion
8.5.5
vmwarefusion
8.5.6
vmwarefusion
8.5.7
vmwarefusion
8.5.8
vmwarefusion
8.5.9
vmwarefusion
8.5.10
vmwarefusion
10.0
vmwarefusion
10.0.1
vmwarefusion
10.1.0
vmwarefusion
10.1.1
𝑥
= Vulnerable software versions
References
http://www.securityfocus.com/bid/102441
http://www.securitytracker.com/id/1040109
http://www.securitytracker.com/id/1040136
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html
http://www.securityfocus.com/bid/102441
http://www.securitytracker.com/id/1040109
http://www.securitytracker.com/id/1040136
https://www.vmware.com/us/security/advisories/VMSA-2018-0003.html