Main Vulnerability Database SB2018011018

SB2018011018 - Privilege escalation in VMware Fusion and Workstation

Published: January 10, 2018

Security Bulletin ID SB2018011018

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Adjecent network

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Privilege escalation (CVE-ID: CVE-2017-4949)

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The weakness exists on the systems with IPv6 mode enabled due to use-after-free memory error in the VMware NAT service. An adjacent attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

2) Privilege escalation (CVE-ID: CVE-2017-4950)

The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.

The weakness exists on the systems with IPv6 mode enabled due to integer overflow in the VMware NAT service. An adjacent attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

https://www.vmware.com/security/advisories/VMSA-2018-0005.html