CVE-2018-6973

HIGH

Description

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.

References

http://www.securityfocus.com/bid/105094

http://www.securitytracker.com/id/1041491

https://www.vmware.com/security/advisories/VMSA-2018-0022.html

Details

Source: MITRE

Published: 2018-08-15

Updated: 2018-10-15

Type: CWE-787

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 111979 | VMware Workstation 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-0022) | Nessus | Windows | high |
| 111978 | VMware Player 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-022) | Nessus | Windows | high |
| 111977 | VMware Fusion 10.x < 10.1.3 Out-of-Bounds Write Vulnerabilities (VMSA-2018-0022) (macOS) | Nessus | MacOS X Local Security Checks | high |
| 111976 | VMware Workstation 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-0022) (Linux) | Nessus | General | high |
| 111975 | VMware Player 14.x < 14.1.3 Out-of-Bounds Write (VMSA-2018-022) (Linux) | Nessus | General | high |