漏洞类别:VMware
漏洞等级: 
漏洞信息
VMware ESXi is an enterprise level computer virtualization product.
VMware ESXi contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets (CVE-2017-4941).
The ESXi Host Client contains a vulnerability that may allow for stored cross-site scripting (XSS) (CVE-2017-4940).
QID Detection Logic(authenticated):
This QID checks for vulnerable versions of VMware ESXi 6.0
漏洞危害
An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client. Successful exploitation of this issue could result in remote code execution in a virtual machine via the authenticated VNC session.
解决方案
To resolve this issue, upgrade to VMware ESXi Build 6856897 or the latest VMware ESXi build.
Refer to VMware advisory KB 2151126, KB 2151126 for updates and build information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0daybank
文章评论