Vulnerability Description
VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a malicious server and sharing all their drives and devices. Successful exploitation of this vulnerability requires a victim to download a specially crafted RDP file through DaaS client by clicking on a malicious link.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Horizon Daas | <= 6.1.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/96559Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037951
- http://www.vmware.com/security/advisories/VMSA-2017-0002.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/96559Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1037951
- http://www.vmware.com/security/advisories/VMSA-2017-0002.htmlPatchVendor Advisory
FAQ
What is CVE-2017-4897?
CVE-2017-4897 is a vulnerability with a CVSS score of 5.5 (MEDIUM). VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists due to insufficient validation of data. An attacker may exploit this issue by tricking DaaS client users into connecting to a mali...
How severe is CVE-2017-4897?
CVE-2017-4897 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-4897?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Horizon Daas.