5.5

CVE-2018-6963

EPSS 0.06%
Veröffentlicht 22.05.2018 13:29:00
Zuletzt bearbeitet 21.11.2024 04:11:29
Quelle security@vmware.com
Teams Watchlist Login
Unerledigt Login

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

VMware ≫ Fusion Version >= 10.0 < 10.1.2

VMware ≫ Workstation Version >= 14.0 < 14.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.2

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.securitytracker.com/id/1040957

Third Party Advisory

VDB Entry

https://www.vmware.com/security/advisories/VMSA-2018-0013.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/104237

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-6963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-6963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-6963

EUVD