CVE-2018-6957 - Missing Release of Resource after Effective Lifetime vulnerability in VMware Fusion, Workstation Player and Workstation Pro

CVSS 3.5 - LOW

  • Attack vector: NETWORK
  • Attack complexity: MEDIUM
  • Privileges required: SINGLE
  • Confidentiality impact: NONE
  • Integrity impact: NONE
  • Availability impact: PARTIAL

Tags: network, vmware, CWE-772, nessus

Summary

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • HTTP DoS
    An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial-of-service attack requires substantially fewer packets to be sent, which makes the DoS harder to detect. It is the HTTP equivalent of a SYN flood. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server waits for the attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Nessus

  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_FUSION_VMSA_2018_0008.NASL
    description: The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.1. It is, therefore, affected by a denial of service vulnerability which can be triggered by opening a large number of VNC sessions. In order for exploitation to be possible, VNC feature must be manually enabled.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118981
    published: 2018-11-16
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118981
    title: VMware Fusion 10.x < 10.1.1 Denial of Service Vulnerability (VMSA-2018-0008) (macOS)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118981);
      script_version("1.2");
      script_cvs_date("Date: 2019/11/01");
    
      script_cve_id("CVE-2018-6957");
      script_bugtraq_id(103431);
      script_xref(name:"VMSA", value:"2018-0008");
    
      script_name(english:"VMware Fusion 10.x < 10.1.1 Denial of Service Vulnerability (VMSA-2018-0008) (macOS)");
      script_summary(english:"Checks the VMware Fusion version.");
    
      script_set_attribute(attribute:"synopsis", value:
    "A virtualisation application installed on the remote macOS or Mac OS X
    host is affected by a denial of service vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of VMware Fusion installed on the remote macOS or
    Mac OS X host is 10.x prior to 10.1.1. It is, therefore, affected by
    a denial of service vulnerability which can be triggered by opening
    a large number of VNC sessions. In order for exploitation to be
    possible, VNC feature must be manually enabled.");
      script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2018-0008.html");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to VMware Fusion version 10.1.1 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6957");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/03/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/03/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/16");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_fusion_detect.nasl");
      script_require_keys("Host/local_checks_enabled", "installed_sw/VMware Fusion");
    
      exit(0);
    }
    
    include("vcf.inc");
    
    app_info = vcf::get_app_info(app:"VMware Fusion");
    vcf::check_granularity(app_info:app_info, sig_segments:2);
    
    # VMWare Fusion 8.X is no longer supported
    constraints = [
      { "min_version" : "10", "fixed_version" : "10.1.1" }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
    
  • NASL family: General
    NASL id: VMWARE_WORKSTATION_VMSA_2018_0008.NASL
    description: The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.1. It is, therefore, affected by a denial of service vulnerability which can be triggered by opening a large number of VNC sessions. In order for exploitation to be possible, VNC feature must be manually enabled.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 118980
    published: 2018-11-16
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/118980
    title: VMware Workstation 14.x < 14.1.1 Denial of Service Vulnerability (VMSA-2018-0008)

Talos

  • id: TALOS-2017-0376
    last seen: 2019-05-29
    published: 2018-03-15
    reporter: Talos Intelligence
    source: http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0376
    title: VMware VNC Lock Count Denial of Service Vulnerability