Vulnerabilities > CVE-2018-6963 - NULL Pointer Dereference vulnerability in VMWare Fusion and Workstation

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

local

low complexity

vmware

CWE-476

nessus

NVD

Published: 2018-05-22

Updated: 2018-06-26

Summary

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Fusion 10.0.0 Vmware Fusion 10.0.1 Vmware Fusion 10.1.0 Vmware Fusion 10.1.1 Vmware Workstation 14.0 Vmware Workstation 14.0.0 Vmware Workstation 14.1.0 Vmware Workstation 14.1.1	8

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FUSION_VMSA_2018_0013.NASL
description	The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.2. It is, therefore, missing a security update that fixes multiple flaws that allow local privilege escalation and multiple denial of service attacks.
last seen	2020-06-01
modified	2020-06-02
plugin id	110097
published	2018-05-24
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110097
title	VMware Fusion 10.x < 10.1.2 Multiple Vulnerabilities (VMSA-2018-0013) (macOS)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110097); script_version("1.4"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2018-6962", "CVE-2018-6963"); script_bugtraq_id(104235, 104237); script_xref(name:"VMSA", value:"2018-0013"); script_name(english:"VMware Fusion 10.x < 10.1.2 Multiple Vulnerabilities (VMSA-2018-0013) (macOS)"); script_summary(english:"Checks the VMware Fusion version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description", value: "The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.2. It is, therefore, missing a security update that fixes multiple flaws that allow local privilege escalation and multiple denial of service attacks."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/us/security/advisories/VMSA-2018-0013.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Fusion version 10.1.2 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6962"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_fusion_detect.nasl"); script_require_keys("Host/local_checks_enabled", "installed_sw/VMware Fusion"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("install_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("Host/local_checks_enabled"); os = get_kb_item("Host/MacOSX/Version"); if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); install = get_single_install(app_name:"VMware Fusion", exit_if_unknown_ver:TRUE); version = install['version']; path = install['path']; fix = ''; if (version =~ "^10\.") fix = '10.1.2'; else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Fusion", version, path); if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0) { report += '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:0, extra:report, severity:SECURITY_HOLE); } else audit(AUDIT_INST_PATH_NOT_VULN, "VMware Fusion", version, path);

NASL family	Windows
NASL id	VMWARE_WORKSTATION_WIN_VMSA_2018_0013.NASL
description	The version of VMware Workstation installed on the remote Windows host is 14.x prior to 14.1.2. It is, therefore, missing a security update that fixes multiple RPC related flaws that allow denial of service attacks.
last seen	2020-06-01
modified	2020-06-02
plugin id	110099
published	2018-05-24
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110099
title	VMware Workstation 14.x < 14.1.2 Multiple DoS (VMSA-2018-0013)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(110099); script_version("1.4"); script_cvs_date("Date: 2019/11/04"); script_cve_id("CVE-2018-6963"); script_bugtraq_id(104237); script_xref(name:"VMSA", value:"2018-0013"); script_name(english:"VMware Workstation 14.x < 14.1.2 Multiple DoS (VMSA-2018-0013)"); script_summary(english:"Checks the VMware Workstation version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote Windows host is affected by multiple denial of service vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of VMware Workstation installed on the remote Windows host is 14.x prior to 14.1.2. It is, therefore, missing a security update that fixes multiple RPC related flaws that allow denial of service attacks."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/us/security/advisories/VMSA-2018-0013.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Workstation version 14.1.2 or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6963"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/21"); script_set_attribute(attribute:"patch_publication_date", value:"2018/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/05/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_workstation_detect.nasl"); script_require_keys("SMB/Registry/Enumerated", "installed_sw/VMware Workstation"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("install_func.inc"); include("misc_func.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); appname = 'VMware Workstation'; install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE); version = install['version']; path = install['path']; fix = ''; if (version =~ "^14\.") fix = "14.1.2"; else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path); if (!empty(fix) && ver_compare(ver:version, fix:fix, strict:FALSE) < 0) { port = get_kb_item("SMB/transport"); if (!port) port = 445; report = '\n Path : ' + path + '\n Installed version : ' + version + '\n Fixed version : ' + fix + '\n'; security_report_v4(port:port, extra:report, severity:SECURITY_NOTE); } else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

NASL family	Windows
NASL id	VMWARE_PLAYER_WIN_VMSA_2018_0013.NASL
description	The version of VMware Player installed on the remote Windows host is 14.x prior to 14.1.2. It is, therefore, missing a security update that fixes multiple RPC related flaws that allow denial of service attacks.
last seen	2020-06-01
modified	2020-06-02
plugin id	110098
published	2018-05-24
reporter	This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/110098
title	VMware Player 14.x < 14.1.2 Multiple DoS (VMSA-2018-0013)

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

References