Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2018-6981 CVE-2018-6982 |
| CWE-ID | CWE-121 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
VMware ESXi Operating systems & Components / Operating system VMware Workstation Client/Desktop applications / Virtualization software VMware Fusion Client/Desktop applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Stack-based buffer overflow
EUVDB-ID: #VU15786
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6981
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The weakness exists due to uninitialized stack memory usage in the vmxnet3 virtual network adapter. A remote attacker can trigger memory corruption if vmxnet3 is enabled and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsVMware ESXi: 6.0 - 6.7
VMware Workstation: 14.0 - 15.0.0
VMware Fusion: 10.0 - 11.0.0
External linkshttp://www.vmware.com/security/advisories/VMSA-2018-0027.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Stack-based buffer overflow
EUVDB-ID: #VU15787
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6982
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists due to uninitialized stack memory usage in the vmxnet3 virtual network adapter. A remote attacker can trigger memory corruption if vmxnet3 is enabled and access arbitrary data.
MitigationInstall update from vendor's website.
Vulnerable software versionsVMware ESXi: 6.5 - 6.7
External linkshttp://www.vmware.com/security/advisories/VMSA-2018-0027.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
