Vulnerabilities > CVE-2018-6963 - NULL Pointer Dereference vulnerability in VMWare Fusion and Workstation
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_FUSION_VMSA_2018_0013.NASL description The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.2. It is, therefore, missing a security update that fixes multiple flaws that allow local privilege escalation and multiple denial of service attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 110097 published 2018-05-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110097 title VMware Fusion 10.x < 10.1.2 Multiple Vulnerabilities (VMSA-2018-0013) (macOS) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110097); script_version("1.4"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2018-6962", "CVE-2018-6963"); script_bugtraq_id(104235, 104237); script_xref(name:"VMSA", value:"2018-0013"); script_name(english:"VMware Fusion 10.x < 10.1.2 Multiple Vulnerabilities (VMSA-2018-0013) (macOS)"); script_summary(english:"Checks the VMware Fusion version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.2. It is, therefore, missing a security update that fixes multiple flaws that allow local privilege escalation and multiple denial of service attacks."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/us/security/advisories/VMSA-2018-0013.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Fusion version 10.1.2 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6962"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_fusion_detect.nasl"); script_require_keys("Host/local_checks_enabled", "installed_sw/VMware Fusion"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("install_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("Host/local_checks_enabled"); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); install = get_single_install(app_name:"VMware Fusion", exit_if_unknown_ver:TRUE); version = install['version']; path = install['path']; fix = ''; if (version =~ "^10\.") fix = '10.1.2'; else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Fusion", version, path); if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0) { report += '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:0, extra:report, severity:SECURITY_HOLE); } else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Fusion", version, path);
NASL family Windows NASL id VMWARE_WORKSTATION_WIN_VMSA_2018_0013.NASL description The version of VMware Workstation installed on the remote Windows host is 14.x prior to 14.1.2. It is, therefore, missing a security update that fixes multiple RPC related flaws that allow denial of service attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 110099 published 2018-05-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110099 title VMware Workstation 14.x < 14.1.2 Multiple DoS (VMSA-2018-0013) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110099); script_version("1.4"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2018-6963"); script_bugtraq_id(104237); script_xref(name:"VMSA", value:"2018-0013"); script_name(english:"VMware Workstation 14.x < 14.1.2 Multiple DoS (VMSA-2018-0013)"); script_summary(english:"Checks the VMware Workstation version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote Windows host is affected by multiple denial of service vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of VMware Workstation installed on the remote Windows host is 14.x prior to 14.1.2. It is, therefore, missing a security update that fixes multiple RPC related flaws that allow denial of service attacks."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/us/security/advisories/VMSA-2018-0013.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Workstation version 14.1.2 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6963"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_workstation_detect.nasl"); script_require_keys("SMB/Registry/Enumerated", "installed_sw/VMware Workstation"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("install_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); appname = 'VMware Workstation'; install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE); version = install['version']; path = install['path']; fix = ''; if (version =~ "^14\.") fix = "14.1.2"; else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path); if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0) { port = get_kb_item("SMB/transport"); if (!port) port = 445; report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:port, extra:report, severity:SECURITY_NOTE); } else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);
NASL family Windows NASL id VMWARE_PLAYER_WIN_VMSA_2018_0013.NASL description The version of VMware Player installed on the remote Windows host is 14.x prior to 14.1.2. It is, therefore, missing a security update that fixes multiple RPC related flaws that allow denial of service attacks. last seen 2020-06-01 modified 2020-06-02 plugin id 110098 published 2018-05-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/110098 title VMware Player 14.x < 14.1.2 Multiple DoS (VMSA-2018-0013)