CVSS3: 5.6 Medium
Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

CVSS2: 4.7 Medium
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N

EPSS: 0.001 Low
Percentile: 24.9%

3a. Hypervisor-Specific Mitigations for MDS vulnerabilities - CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091
vCenter Server, ESXi, Workstation, and Fusion updates include Hypervisor-Specific Mitigations for MDS speculative execution vulnerabilities. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.
vCenter Server, ESXi, Workstation, and Fusion updates support Hypervisor-Assisted Guest Mitigations for MDS speculative execution vulnerabilities. These updates expose new CPU control bits via microcode listed in the table below to the Virtual Machine layer. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 6.5.
A malicious user must have local access to a virtual machine and the ability to execute code to infer data otherwise protected by architectural mechanisms within the Guest Operating System (Intra-VM) via MDS vulnerabilities.