CVE-2018-6969

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.

CVSS v3.0 7.0 HIGH
CVSS v2.0 4.4 MEDIUM

7.0^/10

CVSS v3.0 : HIGH

Vector : AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability : 1.0 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2018-0017.html	Patch Vendor Advisory
http://www.securityfocus.com/bid/104737	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1041291	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*

Information

Published : 2018-07-13 06:29

Updated : 2018-09-11 07:47

NVD link : CVE-2018-6969

Mitre link : CVE-2018-6969

JSON object : View

CWE

CWE-125

Out-of-bounds Read

Advertisement

Products Affected

vmware

tools

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.vmware.com/security/advisories/VMSA-2018-0017.html", "name": "https://www.vmware.com/security/advisories/VMSA-2018-0017.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/104737", "name": "104737", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id/1041291", "name": "1041291", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-125"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2018-6969", "ASSIGNER": "security@vmware.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.4, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}}, "publishedDate": "2018-07-13T13:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "10.3.0"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-09-11T14:47Z"}