CVE-2017-4945 : What You Need to Know
CVE-2017-4945 involves a guest access control vulnerability in VMware Workstation 14.x and 12.x, as well as Fusion 10.x and 8.x, potentially allowing unauthorized program execution through Unity on locked Windows VMs. Learn how to mitigate and prevent this issue.
A vulnerability regarding guest access control has been identified in VMware Workstation versions 14.x and 12.x, as well as Fusion versions 10.x and 8.x. This vulnerability could potentially enable program execution through Unity on Windows VMs that are locked. To address this issue, it is necessary to update VMware Tools to version 10.2.0 for each VM. By default, Workstation 14.1.0 and Fusion 10.1.0 utilize VMware Tools version 10.2.0. This update will effectively resolve CVE-2017-4945.
Understanding CVE-2017-4945
This CVE involves a guest access control vulnerability in VMware Workstation and Fusion products.
What is CVE-2017-4945?
CVE-2017-4945 is a vulnerability in VMware Workstation versions 14.x and 12.x, as well as Fusion versions 10.x and 8.x, allowing potential program execution through Unity on locked Windows VMs.
The Impact of CVE-2017-4945
- Unauthorized program execution through Unity on Windows VMs that are locked
Technical Details of CVE-2017-4945
This section provides technical details about the vulnerability.
Vulnerability Description
- Guest access control vulnerability identified in VMware Workstation and Fusion
Affected Systems and Versions
- VMware Workstation 14.x and 12.x
- VMware Fusion 10.x and 8.x
Exploitation Mechanism
- Potential program execution through Unity on locked Windows VMs
Mitigation and Prevention
Learn how to mitigate and prevent the CVE-2017-4945 vulnerability.
Immediate Steps to Take
- Update VMware Tools to version 10.2.0 for each VM
Long-Term Security Practices
- Regularly update VMware products and tools
- Implement access controls and restrictions on VMs
Patching and Updates
- Workstation 14.1.0 and Fusion 10.1.0 use VMware Tools version 10.2.0 by default