Vulnerability Details CVE-2017-4949
VMware Workstation and Fusion contain a use-after-free vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may allow a guest to execute code on the host. Note: IPv6 mode for VMNAT is not enabled by default.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.4%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
Products affected by CVE-2017-4949
-
cpe:2.3:a:vmware:fusion:10.0
-
cpe:2.3:a:vmware:fusion:10.0.0
-
cpe:2.3:a:vmware:fusion:10.0.1
-
cpe:2.3:a:vmware:fusion:10.1.0
-
cpe:2.3:a:vmware:fusion:8.0
-
cpe:2.3:a:vmware:fusion:8.0.0
-
cpe:2.3:a:vmware:fusion:8.0.1
-
cpe:2.3:a:vmware:fusion:8.0.2
-
cpe:2.3:a:vmware:fusion:8.1
-
cpe:2.3:a:vmware:fusion:8.1.0
-
cpe:2.3:a:vmware:fusion:8.1.1
-
cpe:2.3:a:vmware:fusion:8.1.4
-
cpe:2.3:a:vmware:fusion:8.5
-
cpe:2.3:a:vmware:fusion:8.5.0
-
cpe:2.3:a:vmware:fusion:8.5.1
-
cpe:2.3:a:vmware:fusion:8.5.2
-
cpe:2.3:a:vmware:fusion:8.5.3
-
cpe:2.3:a:vmware:fusion:8.5.4
-
cpe:2.3:a:vmware:fusion:8.5.5
-
cpe:2.3:a:vmware:fusion:8.5.6
-
cpe:2.3:a:vmware:fusion:8.5.7
-
cpe:2.3:a:vmware:fusion:8.5.8
-
cpe:2.3:a:vmware:fusion:8.5.9
-
cpe:2.3:a:vmware:workstation:12.0
-
cpe:2.3:a:vmware:workstation:12.0.0
-
cpe:2.3:a:vmware:workstation:12.0.1
-
cpe:2.3:a:vmware:workstation:12.1
-
cpe:2.3:a:vmware:workstation:12.1.1
-
cpe:2.3:a:vmware:workstation:12.5
-
cpe:2.3:a:vmware:workstation:12.5.0
-
cpe:2.3:a:vmware:workstation:12.5.1
-
cpe:2.3:a:vmware:workstation:12.5.2
-
cpe:2.3:a:vmware:workstation:12.5.3
-
cpe:2.3:a:vmware:workstation:12.5.4
-
cpe:2.3:a:vmware:workstation:12.5.5
-
cpe:2.3:a:vmware:workstation:12.5.6
-
cpe:2.3:a:vmware:workstation:12.5.7
-
cpe:2.3:a:vmware:workstation:12.5.8
-
cpe:2.3:a:vmware:workstation:14.0
-
cpe:2.3:a:vmware:workstation:14.0.0
-
cpe:2.3:a:vmware:workstation:14.1
-
cpe:2.3:a:vmware:workstation:14.1.0
-
cpe:2.3:o:apple:mac_os_x:-