Vulnerability Details CVE-2017-4918
VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX system where the client is installed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2017-4918
-
cpe:2.3:a:vmware:horizon_view:2.0
-
cpe:2.3:a:vmware:horizon_view:2.1
-
cpe:2.3:a:vmware:horizon_view:2.2
-
cpe:2.3:a:vmware:horizon_view:2.3
-
cpe:2.3:a:vmware:horizon_view:3.0
-
cpe:2.3:a:vmware:horizon_view:3.1
-
cpe:2.3:a:vmware:horizon_view:3.2
-
cpe:2.3:a:vmware:horizon_view:3.3
-
cpe:2.3:a:vmware:horizon_view:4.0.0
-
cpe:2.3:a:vmware:horizon_view:4.0.1
-
cpe:2.3:a:vmware:horizon_view:4.1.0
-
cpe:2.3:a:vmware:horizon_view:4.2.0
-
cpe:2.3:a:vmware:horizon_view:4.3.0
-
cpe:2.3:a:vmware:horizon_view:4.4.0