ID CVE-2018-6963
Summary VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.
References
Vulnerable Configurations
  • cpe:2.3:a:vmware:fusion:10.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:10.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:10.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:10.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:10.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:10.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:fusion:10.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:fusion:10.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:vmware:workstation:14.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:vmware:workstation:14.1.1:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 26-06-2018 - 18:23)
Impact:
Exploitability:
CWE CWE-476
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 104237
confirm https://www.vmware.com/security/advisories/VMSA-2018-0013.html
sectrack 1040957
Last major update 26-06-2018 - 18:23
Published 22-05-2018 - 13:29
Last modified 26-06-2018 - 18:23
Back to Top