← back
CVE-2017-4904

CVE-2017-4904

EPSS 0.4%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Jun 2017Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.
Affected products
VMware · ESXiVMware · Fusion Pro / FusionVMware · Workstation Pro / Player

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.securityfocus.com/bid/97165http://www.securitytracker.com/id/1038148http://www.securitytracker.com/id/1038149http://www.vmware.com/security/advisories/VMSA-2017-0006.html