Main Vulnerability Database Vulnerabilities #VU15786

#VU15786 Stack-based buffer overflow in VMware, Inc products - CVE-2018-6981

Published: November 9, 2018

Vulnerability identifier: #VU15786

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2018-6981

CWE-ID: CWE-121

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
VMware ESXi
VMware Workstation
VMware Fusion

Software vendor:
VMware, Inc

Description

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The weakness exists due to uninitialized stack memory usage in the vmxnet3 virtual network adapter. A remote attacker can trigger memory corruption if vmxnet3 is enabled and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

External links

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

#VU15786 Stack-based buffer overflow in VMware, Inc products - CVE-2018-6981

Description

Remediation

External links

Please verify you're human