CVE-2018-6983

HIGH

Description

VMware Workstation (15.x before 15.0.2 and 14.x before 14.1.5) and Fusion (11.x before 11.0.2 and 10.x before 10.1.5) contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.

References

http://www.securityfocus.com/bid/105986

https://www.vmware.com/security/advisories/VMSA-2018-0030.html

Details

Source: MITRE

Published: 2018-11-27

Updated: 2018-12-19

Type: CWE-190

Risk Information

CVSS v2.0

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2

Severity: HIGH

Tenable Plugins

View all (2 total)

ID	Name	Product	Family	Severity
119099	VMware Fusion 10.x < 10.1.5 / 11.x < 11.0.2 Virtual Network Integer Overflow Vulnerability (VMSA-2018-0030) (macOS)	Nessus	MacOS X Local Security Checks	high
119098	VMware Workstation 14.x < 14.1.5 / 15.x < 15.0.2 Virtual Network Integer Overflow Vulnerability (VMSA-2018-0030)	Nessus	General	high