CVE-2017-4904

Description

The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x prior to 12.5.5; and Fusion Pro / Fusion 8.x prior to 8.5.6 has uninitialized memory usage. This issue may allow a guest to execute code on the host. The issue is reduced to a Denial of Service of the guest on ESXi 5.5.

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.102

Associated Vulnerability

Vulnerability	OS Platform
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.0.0	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.0.1	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.0.2	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.1.0	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.1.1	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.0	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.1	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.2	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.3	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.4	Mac
Multiple Vulnerabilities are affected in VMware Fusion for MAC 8.5.5	Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)
PATCH-605160	VMware Fusion for MAC 13.0.2 (Deployment-Only)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234