Vulnerability Description
VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Workstation | >= 14.0, < 14.1.2 |
| Vmware | Fusion | >= 10.0, < 10.1.2 |
| Apple | Mac Os X | - |
| Vmware | Esxi | 5.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/104884Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041356Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041357Broken LinkThird Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2018-0018.htmlPatchVendor Advisory
- http://www.securityfocus.com/bid/104884Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041356Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1041357Broken LinkThird Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2018-0018.htmlPatchVendor Advisory
FAQ
What is CVE-2018-6972?
CVE-2018-6972 is a vulnerability with a CVSS score of 6.5 (MEDIUM). VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x ...
How severe is CVE-2018-6972?
CVE-2018-6972 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-6972?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Workstation, Vmware Fusion, Apple Mac Os X, Vmware Esxi.