Vulnerabilities > CVE-2018-6957 - Missing Release of Resource after Effective Lifetime vulnerability in VMWare Fusion, Workstation Player and Workstation PRO

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

vmware

CWE-772

nessus

NVD

Published: 2018-03-15

Updated: 2019-10-03

Summary

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Workstation PRO 12.5.3 Vmware Workstation PRO 12.1 Vmware Workstation PRO 12.5.2 Vmware Workstation PRO 12.5.4 Vmware Workstation PRO 12.1.1 Vmware Workstation PRO 12.5.1 Vmware Workstation PRO 12.5.5 Vmware Workstation PRO 12.5.6 Vmware Workstation PRO 12.5.7 Vmware Workstation PRO 12.0 Vmware Workstation PRO 12.01 Vmware Workstation PRO 12.5 Vmware Workstation PRO 14.0 Vmware Workstation PRO 14.1 Vmware Workstation PRO 14.1.0 Vmware Workstation Player 12.1 Vmware Workstation Player 12.5.4 Vmware Workstation Player 12.5.1 Vmware Workstation Player 12.1.1 Vmware Workstation Player 12.5.2 Vmware Workstation Player 12.5.3 Vmware Workstation Player 12.0.1 Vmware Workstation Player 12.0 Vmware Workstation Player 12.5 Vmware Workstation Player 12.5.5 Vmware Workstation Player 12.5.6 Vmware Workstation Player 12.5.7 Vmware Workstation Player 14.0 Vmware Workstation Player 14.1 Vmware Fusion 8.1 Vmware Fusion 8.5.3 Vmware Fusion 8.5.4 Vmware Fusion 8.1.1 Vmware Fusion 8.5.1 Vmware Fusion 8.5.2 Vmware Fusion 8.0.2 Vmware Fusion 8.0.1 Vmware Fusion 8.5.5 Vmware Fusion 8.5.7 Vmware Fusion 8.5.6 Vmware Fusion 8.5.8 Vmware Fusion 8.5 Vmware Fusion 8.0 Vmware Fusion 10.0 Vmware Fusion 10.0.0 Vmware Fusion 10.0.1 Vmware Fusion 10.1.0	48

Common Weakness Enumeration (CWE)

CWE-772 - Missing Release of Resource after Effective Lifetime

Common Attack Pattern Enumeration and Classification (CAPEC)

HTTP DoS
An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FUSION_VMSA_2018_0008.NASL
description	The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.1. It is, therefore, affected by a denial of service vulnerability which can be triggered by opening a large number of VNC sessions. In order for exploitation to be possible, VNC feature must be manually enabled.
last seen	2020-06-01
modified	2020-06-02
plugin id	118981
published	2018-11-16
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118981
title	VMware Fusion 10.x < 10.1.1 Denial of Service Vulnerability (VMSA-2018-0008) (macOS)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(118981); script_version("1.2"); script_cvs_date("Date: 2019/11/01"); script_cve_id("CVE-2018-6957"); script_bugtraq_id(103431); script_xref(name:"VMSA", value:"2018-0008"); script_name(english:"VMware Fusion 10.x < 10.1.1 Denial of Service Vulnerability (VMSA-2018-0008) (macOS)"); script_summary(english:"Checks the VMware Fusion version."); script_set_attribute(attribute:"synopsis", value: "A virtualisation application installed on the remote macOS or Mac OS X host is affected by a denial of service vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.1. It is, therefore, affected by a denial of service vulnerability which can be triggered by opening a large number of VNC sessions. In order for exploitation to be possible, VNC feature must be manually enabled."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2018-0008.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Fusion version 10.1.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6957"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/15"); script_set_attribute(attribute:"patch_publication_date", value:"2018/03/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_fusion_detect.nasl"); script_require_keys("Host/local_checks_enabled", "installed_sw/VMware Fusion"); exit(0); } include("vcf.inc"); app_info = vcf::get_app_info(app:"VMware Fusion"); vcf::check_granularity(app_info:app_info, sig_segments:2); # VMWare Fusion 8.X is no longer supported constraints = [ { "min_version" : "10", "fixed_version" : "10.1.1" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);

NASL family	General
NASL id	VMWARE_WORKSTATION_VMSA_2018_0008.NASL
description	The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.1. It is, therefore, affected by denial of service vulnerability which can be triggered by opening a large number of VNC sessions. In order for exploitation to be possible, VNC feature must be manually enabled.
last seen	2020-06-01
modified	2020-06-02
plugin id	118980
published	2018-11-16
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118980
title	VMware Workstation 14.x < 14.1.1 Denial of Service Vulnerability (VMSA-2018-0008)

Talos

id	TALOS-2017-0376
last seen	2019-05-29
published	2018-03-15
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0376
title	VMware VNC Lock Count Denial of Service Vulnerability