Null pointer dereference in VMware Horizon - CVE-2018-6972
Published: July 20, 2018 / Updated: July 23, 2018
Vulnerability identifier: #VU13954
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6972
CWE-ID: CWE-476
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Horizon
VMware Horizon
Detailed vulnerability description
The vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference in the RPC handler. An adjacent attacker can cause the virtual machine to crash.
How to mitigate CVE-2018-6972
Update to version 7.5.1.