VmWare fix two high-risk arbitrary code execution vulnerabilities in several products

VMWare released six patches for ESXi, Workstations 12.5.8, Fusion 8.5.9 and vCSA 6.5 U1d respectively. An attacker can exploit some of these VMware vulnerabilities to execute arbitrary code. CVEs of the four high-risk vulnerabilities are CVE-2017-4941, CVE-2017-4933, CVE-2017-4940, CVE-2017-4943, and users should install patches as soon as possible

Security experts from Cisco Talos team discovered two serious arbitrary code execution vulnerabilities, and assign them to CVSS score of 9.0, and VMware will be listed as “important” severity.

CVE-2017-4941

VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ESXi550-201709101-SG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine’s .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

CVE-2017-4933

VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x before 12.5.8), and Fusion (8.x before 8.5.9) contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow via a specific set of VNC packets resulting in heap corruption. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session. Note: In order for exploitation to be possible in ESXi, VNC must be manually enabled in a virtual machine’s .vmx configuration file. In addition, ESXi must be configured to allow VNC traffic through the built-in firewall.

CVE-2017-4940

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.

CVE-2017-4943

VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the ‘showlog’ plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS.

Download Vmware security patch here.

Reference:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4943
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4933
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4941
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-4943