CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
56.6%
ESXi, Workstation, and Fusion multiple out-of-bounds read vulnerabilities
VMware ESXi, Workstation and Fusion contain multiple out-of-bounds read vulnerabilities in the shader translator. Successful exploitation of these issues may lead to information disclosure or may allow attackers with normal user privileges to crash their VMs.
VMware would like to thank RanchoIce of Tencent ZhanluLab (CVE-2018-6965, CVE-2018-6966, CVE-2018-6967) and a member of Cisco Talos (CVE-2018-6965) for independently reporting these issues to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2018-6965, CVE-2018-6966, and CVE-2018-6967 to these issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory 2018-0016.
# The text itself is copyright (C) VMware Inc.
#
include('compat.inc');
if (description)
{
script_id(110902);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/06");
script_cve_id("CVE-2018-6965", "CVE-2018-6966", "CVE-2018-6967");
script_xref(name:"VMSA", value:"2018-0016");
script_name(english:"VMSA-2018-0016 : VMware ESXi, Workstation, and Fusion updates address multiple out-of-bounds read vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESXi host is missing one or more security-related
patches.");
script_set_attribute(attribute:"description", value:
"ESXi, Workstation, and Fusion multiple out-of-bounds read
vulnerabilities
VMware ESXi, Workstation and Fusion contain multiple out-of-bounds
read vulnerabilities in the shader translator. Successful
exploitation of these issues may lead to information disclosure or
may allow attackers with normal user privileges to crash their VMs.
VMware would like to thank RanchoIce of Tencent ZhanluLab
(CVE-2018-6965, CVE-2018-6966, CVE-2018-6967) and a member of Cisco
Talos (CVE-2018-6965) for independently reporting these issues to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the identifiers CVE-2018-6965, CVE-2018-6966, and
CVE-2018-6967 to these issues.");
script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2018/000418.html");
script_set_attribute(attribute:"solution", value:
"Apply the missing patches.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6967");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2018/06/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:6.7");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"VMware ESX Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");
exit(0);
}
include("audit.inc");
include("vmware_esx_packages.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (
!get_kb_item("Host/VMware/esxcli_software_vibs") &&
!get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);
init_esx_check(date:"2018-06-28");
flag = 0;
if (esx_check(ver:"ESXi 6.7", vib:"VMware:esx-base:6.7.0-0.14.8941472")) flag++;
if (esx_check(ver:"ESXi 6.7", vib:"VMware:vsan:6.7.0-0.14.8941472")) flag++;
if (esx_check(ver:"ESXi 6.7", vib:"VMware:vsanhealth:6.7.0-0.14.8941472")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:esx_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
56.6%