Vulnerabilities > CVE-2018-6983 - Integer Overflow or Wraparound vulnerability in VMWare Fusion and Workstation
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Forced Integer Overflow This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_FUSION_VMSA_2018_0030.NASL description The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.5 or 11.x prior to 11.0.2. It is, therefore, affected by integer overflow vulnerability in the virtual network devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability. last seen 2020-03-21 modified 2018-11-23 plugin id 119099 published 2018-11-23 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119099 title VMware Fusion 10.x < 10.1.5 / 11.x < 11.0.2 Virtual Network Integer Overflow Vulnerability (VMSA-2018-0030) (macOS) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(119099); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/20"); script_cve_id("CVE-2018-6983"); script_bugtraq_id(105986); script_xref(name:"VMSA", value:"2018-0030"); script_name(english:"VMware Fusion 10.x < 10.1.5 / 11.x < 11.0.2 Virtual Network Integer Overflow Vulnerability (VMSA-2018-0030) (macOS)"); script_summary(english:"Checks the VMware Fusion version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote macOS or Mac OS X host is affected by an integer overflow vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.5 or 11.x prior to 11.0.2. It is, therefore, affected by integer overflow vulnerability in the virtual network devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2018-0030.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Fusion version 10.1.5, 11.0.2, or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6983"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/22"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/23"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_fusion_detect.nasl"); script_require_keys("Host/local_checks_enabled", "installed_sw/VMware Fusion"); exit(0); } include("vcf.inc"); app_info = vcf::get_app_info(app:"VMware Fusion"); vcf::check_granularity(app_info:app_info, sig_segments:2); constraints = [ { "min_version" : "10", "fixed_version" : "10.1.5" }, { "min_version" : "11", "fixed_version" : "11.0.2" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);NASL family General NASL id VMWARE_WORKSTATION_VMSA_2018_0030.NASL description The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.5 or 15.x prior to 15.0.2. It is, therefore, affected by an integer overflow vulnerability in the virtual network devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability. last seen 2020-06-01 modified 2020-06-02 plugin id 119098 published 2018-11-23 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119098 title VMware Workstation 14.x < 14.1.5 / 15.x < 15.0.2 Virtual Network Integer Overflow Vulnerability (VMSA-2018-0030) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(119098); script_version("1.4"); script_cvs_date("Date: 2019/11/01"); script_cve_id("CVE-2018-6983"); script_bugtraq_id(105986); script_xref(name:"VMSA", value:"2018-0030"); script_name(english:"VMware Workstation 14.x < 14.1.5 / 15.x < 15.0.2 Virtual Network Integer Overflow Vulnerability (VMSA-2018-0030)"); script_summary(english:"Checks the VMware Workstation version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote Windows host is affected by an integer overflow vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.5 or 15.x prior to 15.0.2. It is, therefore, affected by an integer overflow vulnerability in the virtual network devices. An attacker with access to a guest system may be able to execute code on the host system by leveraging this vulnerability."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2018-0030.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Workstation version 14.1.5, 15.0.2, or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-6983"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/22"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/23"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"General"); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_workstation_detect.nasl", "vmware_workstation_linux_installed.nbin"); script_require_keys("installed_sw/VMware Workstation"); exit(0); } include("vcf.inc"); if (get_kb_item("SMB/Registry/Enumerated")) win_local = TRUE; app_info = vcf::get_app_info(app:"VMware Workstation", win_local:win_local); vcf::check_granularity(app_info:app_info, sig_segments:2); constraints = [ { "min_version" : "14", "fixed_version" : "14.1.5" }, { "min_version" : "15", "fixed_version" : "15.0.2" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);