Stack-based buffer overflow in VMware, Inc products - CVE-2018-6981
Published: November 9, 2018
Vulnerability identifier: #VU15786
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-6981
CWE-ID: CWE-121
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware ESXi
VMware Workstation
VMware Fusion
VMware ESXi
VMware Workstation
VMware Fusion
Detailed vulnerability description
The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.
The weakness exists due to uninitialized stack memory usage in the vmxnet3 virtual network adapter. A remote attacker can trigger memory corruption if vmxnet3 is enabled and execute arbitrary code with elevated privileges.
How to mitigate CVE-2018-6981
Install update from vendor's website.