Null pointer dereference in VMware Fusion and VMware Workstation - CVE-2018-6963
Published: May 22, 2018 / Updated: May 23, 2018
Vulnerability identifier: #VU12991
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6963
CWE-ID: CWE-476
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Fusion
VMware Workstation
VMware Fusion
VMware Workstation
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference in the RPC handler. A remote attacker can cause the service to crash.
How to mitigate CVE-2018-6963
Update VMware Workstation to version 14.1.2 and Fusion to version 10.1.2.