Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion



Published: 2018-06-29
Risk: Low
Patch available: YES
Number of vulnerabilities: 3
CVE-ID: CVE-2018-6965, CVE-2018-6966, CVE-2018-6967
CWE-ID: CWE-125
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
VMware ESXi
Operating systems & Components / Operating system

VMware Fusion
Client/Desktop applications / Virtualization software

VMware Workstation
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Security Bulletin

This security bulletin contains information about 3 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU13517

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6965

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition.

The weakness exists due to an out-of-bounds read in the shader translator. A remote attacker can gain access to arbitrary data or cause the application to crash.

Mitigation

Update VMware Fusion to version 10.1.2.
Update VMware Workstation to version 14.1.2.

Vulnerable software versions

VMware ESXi: 6.7

VMware Fusion: 10.0 - 10.1.1

VMware Workstation: 14.0 - 14.1.1


External links

http://www.vmware.com/security/advisories/VMSA-2018-0016.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

EUVDB-ID: #VU13518

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6966

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition.

The weakness exists due to an out-of-bounds read in the shader translator. A remote attacker can gain access to arbitrary data or cause the application to crash.

Mitigation

Update VMware Fusion to version 10.1.2.
Update VMware Workstation to version 14.1.2.

Vulnerable software versions

VMware ESXi: 6.7

VMware Fusion: 10.0 - 10.1.1

VMware Workstation: 14.0 - 14.1.1


External links

http://www.vmware.com/security/advisories/VMSA-2018-0016.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

EUVDB-ID: #VU13519

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-6967

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information or cause a DoS condition.

The weakness exists due to an out-of-bounds read in the shader translator. A remote attacker can gain access to arbitrary data or cause the application to crash.

Mitigation

Update VMware Fusion to version 10.1.2.
Update VMware Workstation to version 14.1.2.

Vulnerable software versions

VMware ESXi: 6.7

VMware Fusion: 10.0 - 10.1.1

VMware Workstation: 14.0 - 14.1.1


External links

http://www.vmware.com/security/advisories/VMSA-2018-0016.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


