Denial of service in VMware Workstation and VMware Fusion

#VU11121 Denial of service in VMware Workstation and VMware Fusion

Published: 2018-03-16

Vulnerability identifier: #VU11121

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-6957

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
VMware Workstation
Client/Desktop applications / Virtualization software
VMware Fusion
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists on the VNC manually enabled systems due to unspecified error. A remote attacker can open a large number of VNC sessions to cause unspecified denial of service conditions.

Mitigation
Update VMware Fusion to version 10.1.1.
Update VMware Workstation to version 14.1.1.

Vulnerable software versions

VMware Workstation: 14.0 - 14.1

VMware Fusion: 10.0 - 10.1.0

CPE

cpe:2.3:a:vmware:vmware_workstation:14.1:*:*:*:*:*:*:*

External links
http://www.vmware.com/security/advisories/VMSA-2018-0008.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Denial of service in VMware Workstation and Fusion