Main Vulnerability Database SB2018081506

SB2018081506 - Information disclosure in VMware Virtual Appliances

Published: August 15, 2018

Security Bulletin ID SB2018081506

Severity

Low

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Side-channel attack (CVE-ID: CVE-2018-3620)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations . A local attacker can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

http://www.vmware.com/security/advisories/VMSA-2018-0021.html

SB2018081506 - Information disclosure in VMware Virtual Appliances

Breakdown by Severity

Description

Remediation

References

Please verify you're human