Vulnerabilities > CVE-2018-6974 - Out-of-bounds Read vulnerability in VMWare Esxi, Fusion and Workstation
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 13 | |
OS | 1 | |
OS | 123 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Overread Buffers An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
Nessus
NASL family General NASL id VMWARE_WORKSTATION_LINUX_VMSA_2018_0026.NASL description The version of VMware Workstation installed on the remote Linux host is 14.x prior to 14.1.3. It is, therefore, affected by an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 118464 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118464 title VMware Workstation 14.x < 14.1.3 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) (Linux) NASL family MacOS X Local Security Checks NASL id MACOSX_FUSION_VMSA_2018_0026.NASL description The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.3. It is, therefore, affected by an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 118465 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118465 title VMware Fusion 10.x < 10.1.3 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) (macOS) NASL family Misc. NASL id VMWARE_ESXI_VMSA-2018-0026.NASL description The remote VMware ESXi host is version 6.0, 6.5, or 6.7 and is missing a security patch. It is, therefore, vulnerable to an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 118466 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118466 title ESXi 6.0 / 6.5 / 6.7 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) (Remote Check) NASL family Windows NASL id VMWARE_WORKSTATION_WIN_VMSA_2018_0026.NASL description The version of VMware Workstation installed on the remote Windows host is 14.x prior to 14.1.3. It is, therefore, affected by an out-of-bounds read vulnerability in SVGA devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 118467 published 2018-10-26 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118467 title VMware Workstation 14.x < 14.1.3 Out-of-Bounds Read Vulnerability (VMSA-2018-0026) NASL family VMware ESX Local Security Checks NASL id VMWARE_VMSA-2018-0026.NASL description Out-of-bounds read vulnerability in SVGA Device VMware ESXi, Fusion and Workstation contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. VMware would like to thank Anonymous working with Trend Micro last seen 2020-06-01 modified 2020-06-02 plugin id 118360 published 2018-10-24 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/118360 title VMSA-2018-0026 : VMware ESXi, Workstation, and Fusion updates address an out-of-bounds read vulnerability
References
- http://www.securityfocus.com/bid/105660
- http://www.securityfocus.com/bid/105660
- http://www.securitytracker.com/id/1041875
- http://www.securitytracker.com/id/1041875
- http://www.securitytracker.com/id/1041876
- http://www.securitytracker.com/id/1041876
- https://www.vmware.com/security/advisories/VMSA-2018-0026.html
- https://www.vmware.com/security/advisories/VMSA-2018-0026.html