Vulnerability Details : CVE-2018-6982
VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an information leak from host to guest.
Products affected by CVE-2018-6982
- cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:workstation:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:fusion:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201702212:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201703401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201706101:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201706102:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201706103:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201706401:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201706402:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201706403:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201710301:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201701001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201703001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201703002:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201704001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201710001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201712001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201811002:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201806001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201808001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201806001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201811001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201803001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201810001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.5:650-201810002:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201807001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201808001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:600-201811001:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:*
- cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:*
Threat overview for CVE-2018-6982
Top countries where our scanners detected CVE-2018-6982
Top open port discovered on systems with this issue
443
IPs affected by CVE-2018-6982 33,130
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2018-6982!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2018-6982
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 26 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-6982
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
3.9
|
6.9
|
NIST | |
6.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
2.0
|
4.0
|
NIST |
CWE ids for CVE-2018-6982
-
The product uses or accesses a resource that has not been initialized.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-6982
-
http://www.securitytracker.com/id/1042055
VMware ESXi vmxnet3 Stack Memory Initialization Bugs Let Remote Users on a Guest System Gain Elevated Privileges on the Host System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/105882
Multiple VMware Products CVE-2018-6982 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://www.vmware.com/security/advisories/VMSA-2018-0027.html
VMSA-2018-0027Vendor Advisory
Jump to