Main Vulnerability Database SB2018081506

SB2018081506 - Information disclosure in VMware Virtual Appliances

Published: August 15, 2018

Security Bulletin ID SB2018081506

CSH Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Side-channel attack (CVE-ID: CVE-2018-3620)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations . A local attacker can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://www.vmware.com/security/advisories/VMSA-2018-0021.html

SB2018081506 - Information disclosure in VMware Virtual Appliances

Breakdown by Severity

Description

Remediation

References

Please verify you're human