Integer overflow in VMware Fusion and VMware Workstation - CVE-2018-6983
Published: November 22, 2018 / Updated: November 23, 2018
Vulnerability identifier: #VU16025
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2018-6983
CWE-ID: CWE-190
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Fusion
VMware Workstation
VMware Fusion
VMware Workstation
Detailed vulnerability description
The vulnerability allows an adjacent attacker to gain elevated privileges on the target system.
The vulnerability exists due to integer overflow when handling malicious input. An adjacent attacker can send specially crafted data, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2018-6983
Update vmWare Workstation to versions 14.1.4, 15.0.2.
Update VmWare Fusion to versions 10.1.5, 11.0.2.
Update VmWare Fusion to versions 10.1.5, 11.0.2.