Vulnerability Details : CVE-2018-6969
VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.
Vulnerability category: Information leak
Products affected by CVE-2018-6969
- cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-6969
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-6969
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.4
|
MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
3.4
|
6.4
|
NIST | |
|
7.0
|
HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.0
|
5.9
|
NIST |
CWE ids for CVE-2018-6969
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-6969
-
http://www.securityfocus.com/bid/104737
VMware Tools HGFS CVE-2018-6969 Local Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://www.vmware.com/security/advisories/VMSA-2018-0017.html
VMSA-2018-0017.4Patch;Vendor Advisory
-
http://www.securitytracker.com/id/1041291
VMware Tools Out-of-Bounds Memory Read Error Lets Local Users on a Guest System Gain Elevated Privileges on the Guest System - SecurityTrackerThird Party Advisory;VDB Entry
Jump to