Risk | Low |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2018-6981 CVE-2018-6982 |
CWE-ID | CWE-121 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software Subscribe |
Release Certification Matrix (RCM) Other software / Other software solutions |
Vendor | Dell |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU15786
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6981
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The weakness exists due to uninitialized stack memory usage in the vmxnet3 virtual network adapter. A remote attacker can trigger memory corruption if vmxnet3 is enabled and execute arbitrary code with elevated privileges.
MitigationInstall update from vendor's website.
Vulnerable software versionsRelease Certification Matrix (RCM): before 3.3.3.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU15787
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-6982
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
Description
The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.
The weakness exists due to uninitialized stack memory usage in the vmxnet3 virtual network adapter. A remote attacker can trigger memory corruption if vmxnet3 is enabled and access arbitrary data.
MitigationInstall update from vendor's website.
Vulnerable software versionsRelease Certification Matrix (RCM): before 3.3.3.1
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.