Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11296
HistoryJul 19, 2018 - 12:00 a.m.

KLA11296 DoS vulnerability in VMware products

2018-07-1900:00:00
Kaspersky Lab
threats.kaspersky.com
169

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON

Multiple vulnerabilities were found in VMware products. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

  1. A NULL pointer dereference vulnerability was found in VMware Workstation and Fusion. By exploiting this vulnerability malicious users can cause denial of service. This vulnerability can be exploited locally via RPC handler;
  2. Local information disclosure vulnerability can be exploited to gain privileges;

Original advisories

VMSA-2018-0018

Related products

VMware-Workstation

VMware-Fusion

CVE list

CVE-2018-6972 warning

CVE-2018-6971 warning

Solution

Update to the latest versionDownload Workstation

Download VMware Fusion

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • VMware Workstation 14.x earlier than 14.1.2
    VMware Fusion 10.x earlier than 10.1.2

Related

nessus 3
vmware 1
cvelist 2
prion 2
cve 2
nvd 2
ibm 1
zdi 1
nessus
nessus
VMSA-2018-0018 : VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues
2018-07-26 00:00:00
VMware Horizon View Agent 7.x < 7.5.1 Local Information Disclosure Vulnerability (VMSA-2018-0018)
2018-07-27 00:00:00
VMware ESXi 5.5 / 6.0 / 6.5 / 6.7 DoS (VMSA-2018-0018) (remote check)
2020-03-24 00:00:00
vmware
vmware
VMware Horizon View Agent, VMware ESXi, Workstation, and Fusion updates resolve multiple security issues
2018-07-19 00:00:00
cvelist
cvelist
CVE-2018-6971
2018-07-19 00:00:00
CVE-2018-6972
2018-07-19 00:00:00
prion
prion
Information disclosure
2018-07-25 13:29:00
Null pointer dereference
2018-07-25 13:29:00
cve
cve
CVE-2018-6971
2018-07-25 13:29:00
CVE-2018-6972
2018-07-25 13:29:00
nvd
nvd
CVE-2018-6971
2018-07-25 13:29:00
CVE-2018-6972
2018-07-25 13:29:00
ibm
ibm
Security Bulletin: IBM PureApplication System is affected by a vulnerability in VMWare component (CVE-2018-6972)
2019-01-25 12:15:01
zdi
zdi
VMware Workstation SetGuestInfo Null Pointer Dereference Denial of Service Vulnerability
2018-07-26 00:00:00

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON
Related for KLA11296
nessus3vmware1cvelist2prion2cve2nvd2ibm1zdi1