CVE-2017-4907 — CRITICAL (9.8)

Vulnerability Description

VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Vmware	Horizon View	6.0
Vmware	Unified Access Gateway	2.5

Related Weaknesses (CWE)

CWE-119

References

http://www.securityfocus.com/bid/97914Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038281
http://www.vmware.com/security/advisories/VMSA-2017-0008.htmlVendor Advisory
http://www.securityfocus.com/bid/97914Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1038281
http://www.vmware.com/security/advisories/VMSA-2017-0008.htmlVendor Advisory

FAQ

What is CVE-2017-4907?

CVE-2017-4907 is a vulnerability with a CVSS score of 9.8 (CRITICAL). VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attac...

How severe is CVE-2017-4907?

CVE-2017-4907 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-4907?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Horizon View, Vmware Unified Access Gateway.