Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-6963

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.

Published

2018-05-22T13:29:00.437

Last Modified

2024-11-21T04:11:29.537

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:N/I:N/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
CWE-476

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	fusion	< 10.1.2	Yes
Application	vmware	workstation	< 14.1.2	Yes

References

http://www.securityfocus.com/bid/104237 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1040957 Third Party Advisory, VDB Entry ([email protected])
https://www.vmware.com/security/advisories/VMSA-2018-0013.html Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/104237 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1040957 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2018-0013.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)