Privilege escalation in VMware Fusion and Workstation



Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2017-4949, CVE-2017-4950
CWE-ID: CWE-416, CWE-190
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software:
VMware Fusion (Client/Desktop applications / Virtualization software)
VMware Workstation (Client/Desktop applications / Virtualization software)
Vendor: VMware, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU9993

Risk: Low

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-4949

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The weakness exists on systems with IPv6 mode enabled and is due to a use-after-free memory error in the VMware NAT service. An adjacent attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

The vulnerability is addressed in the following versions: 8.5.10, 10.1.1, 12.5.9, 14.1.1.

Vulnerable software versions

VMware Fusion: 8.0 - 10.1.0

VMware Workstation: 12.0.0 - 14.1

External links

https://www.vmware.com/security/advisories/VMSA-2018-0005.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege escalation

EUVDB-ID: #VU9994

Risk: Low

CVSSv4.0: 6.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-4950

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The weakness exists on systems with IPv6 mode enabled and is due to an integer overflow in the VMware NAT service. An adjacent attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

Mitigation

The vulnerability is addressed in the following versions: 8.5.10, 10.1.1, 12.5.9, 14.1.1.

Vulnerable software versions

VMware Fusion: 8.0 - 10.1.0

VMware Workstation: 12.0.0 - 14.1

External links

https://www.vmware.com/security/advisories/VMSA-2018-0005.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


