Multiple vulnerabilities in VMware Workstation and Fusion



Published: 2018-05-23
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2018-6962
CVE-2018-6963
CWE-ID CWE-264
CWE-476
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe 		VMware Fusion
Client/Desktop applications / Virtualization software

VMware Workstation
Client/Desktop applications / Virtualization software

Vendor VMware, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU12990

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6962

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists due to a signature bypass flaw. A local attacker can gain elevated privileges.

Mitigation

Update to version 10.1.2.

Vulnerable software versions

VMware Fusion: 10.0 - 10.1.1

External links

http://www.vmware.com/security/advisories/VMSA-2018-0013.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Null pointer dereference

EUVDB-ID: #VU12991

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6963

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The vulnerability exists due to NULL pointer dereference in the RPC handler. A remote attacker can cause the service to crash.

Mitigation

Update VMware Workstation to version 14.1.2 and Fusion to version 10.1.2.

Vulnerable software versions

VMware Fusion: 10.0 - 10.1.1

VMware Workstation: 14.0 - 14.1.1

External links

http://www.vmware.com/security/advisories/VMSA-2018-0013.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###