Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

VMware Issues Security Advisory for Guest-to-Host Escape Vulnerability (CVE-2018-6981)

VMware issued an advisory about two uninitialized stack memory usage bugs and has released patches and updates for some versions of the affected software.

Background

On November 9, VMware published a security advisory to address a Guest-to-Host Escape vulnerability affecting VMware ESXi, Workstation and Fusion. The vulnerability was discovered and released by a security researcher at GeekPwn 2018, an annual security conference in Shanghai, China which took place in late October 2018. The researcher reported the vulnerability to VMware through GeekPwn.

Source: @ChaitinTech on Twitter.

Vulnerability details

According to VMware’s Security Advisory, Zhangyanyu of Chaitin Tech reported two uninitialized stack memory usage bugs (CVE-2018-6981 and CVE-2018-6982) in the vmxnet3 virtual network adapter used in VMware. VMware notes that the vulnerability does not affect non-vmxnet3 virtual network adapters.

Exploitation of CVE-2018-6981 can lead to a guest-to-host escape, allowing the guest to execute code on the host, while exploitation of CVE-2018-6982 can lead to information disclosure from host to guest. In a tweet that includes a video demonstration of the exploit, Chaitin Tech asserts that this is the first time that anyone has escaped VMware EXSi and obtained a root shell on the host.

Urgently required actions

VMware’s Security Advisory includes patch availability details for consumers and businesses. Tenable’s Security Response team strongly encourages patching VMware ESXi versions and upgrading VMware Workstation and VMware Fusion using the table below:

Source: VMware Security Advisory

Identifying affected systems

A list of Tenable plugins to identify this vulnerability will appear here as they’re released.

Get more information

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,190.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security