#VU11121 Denial of service in VMware Workstation and VMware Fusion - CVE-2018-6957

Cybersecurity Help s.r.o.

Published: 2018-03-16

Vulnerability identifier: #VU11121

Vulnerability risk: Low

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-6957

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
VMware Workstation
Client/Desktop applications / Virtualization software
VMware Fusion
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists on the VNC manually enabled systems due to unspecified error. A remote attacker can open a large number of VNC sessions to cause unspecified denial of service conditions.

Mitigation
Update VMware Fusion to version 10.1.1.
Update VMware Workstation to version 14.1.1.

Vulnerable software versions

VMware Workstation: 14.0 - 14.1

VMware Fusion: 10.0 - 10.1.0

External links
https://www.vmware.com/security/advisories/VMSA-2018-0008.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in VMware Workstation and Fusion