// For flags

CVE-2018-6963

VMware Workstation ghi update Null Pointer Dereference Denial of Service Vulnerability

Severity Score

5.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

VMware Workstation (14.x before 14.1.2) and Fusion (10.x before 10.1.2) contain multiple denial-of-service vulnerabilities that occur due to NULL pointer dereference issues in the RPC handler. Successful exploitation of these issues may allow an attacker with limited privileges on the guest machine trigger a denial-of-Service of their guest machine.

VMware Fusion (versiones 10.x anteriores a la 10.1.2) contiene una vulnerabilidad de omisión de firmas que podría conducir a un escalado de privilegios local.

This vulnerability allows local attackers to deny service on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on a guest OS in order to exploit this vulnerability.
The specific flaw exists within the ghi.guest.trayIcon.update RPC function. A crafted request can trigger the dereference of a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition to users of the guest OS.

*Credits: Hahna Latonick and Kevin Fujimoto
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-02-14 CVE Reserved
  • 2018-05-21 CVE Published
  • 2023-05-16 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-476: NULL Pointer Dereference
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Fusion
Search vendor "Vmware" for product "Fusion"
>= 10.0 < 10.1.2
Search vendor "Vmware" for product "Fusion" and version " >= 10.0 < 10.1.2"
-
Affected
Vmware
Search vendor "Vmware"
Workstation
Search vendor "Vmware" for product "Workstation"
>= 14.0 < 14.1.2
Search vendor "Vmware" for product "Workstation" and version " >= 14.0 < 14.1.2"
-
Affected