5.5

CVE-2018-6963

EPSS 0.06%
Published 22.05.2018 13:29:00
Last modified 21.11.2024 04:11:29
Source security@vmware.com
Teams watchlist Login
Open Login

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Fusion Version >= 10.0 < 10.1.2

VMware ≫ Workstation Version >= 14.0 < 14.1.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.2

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

http://www.securitytracker.com/id/1040957

Third Party Advisory

VDB Entry

https://www.vmware.com/security/advisories/VMSA-2018-0013.html

Patch

Vendor Advisory

http://www.securityfocus.com/bid/104237

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2018-6963

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-6963

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-6963

EUVD