cvelistv5 - cve-2018-6973

CVE-2018-6973 (GCVE-0-2018-6973)

Vulnerability from cvelistv5 – Published: 2018-08-15 12:00 – Updated: 2024-09-17 02:41

Summary

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.

Severity ?

No CVSS data available.

CWE

Out-of-bounds write vulnerability

Assigner

vmware

References

URL

Tags

	http://www.securitytracker.com/id/1041491	vdb-entryx_refsource_SECTRACK
	https://www.vmware.com/security/advisories/VMSA-2…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105094	vdb-entryx_refsource_BID

Impacted products

Vendor

Product

Version

VMware

Workstation

Affected: 14.x before 14.1.3

VMware

Fusion

Affected: 10.x before 10.1.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:17:17.435Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041491",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041491"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
          },
          {
            "name": "105094",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105094"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Workstation",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "14.x before 14.1.3"
            }
          ]
        },
        {
          "product": "Fusion",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "10.x before 10.1.3"
            }
          ]
        }
      ],
      "datePublic": "2018-08-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds write vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-08-16T09:57:01",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "name": "1041491",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041491"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
        },
        {
          "name": "105094",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105094"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "DATE_PUBLIC": "2018-08-14T00:00:00",
          "ID": "CVE-2018-6973",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Workstation",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "14.x before 14.1.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Fusion",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.x before 10.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Out-of-bounds write vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041491",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041491"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
            },
            {
              "name": "105094",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105094"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2018-6973",
    "datePublished": "2018-08-15T12:00:00Z",
    "dateReserved": "2018-02-14T00:00:00",
    "dateUpdated": "2024-09-17T02:41:38.547Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*\", \"versionStartExcluding\": \"10.0.0\", \"versionEndExcluding\": \"10.1.3\", \"matchCriteriaId\": \"AFD884A1-8F04-4B77-BF46-D074BAABE70A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndExcluding\": \"14.1.3\", \"matchCriteriaId\": \"BA96BDE8-8107-47E9-BF6C-6F742455FB07\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.\"}, {\"lang\": \"es\", \"value\": \"VMware Workstation (en versiones 14.x anteriores a la 14.1.3) y Fusion (en versiones 10.x anteriores a la 10.1.3) contienen una vulnerabilidad de escritura fuera de l\\u00edmites en el dispositivo e1000. Este problema puede permitir que un invitado ejecute c\\u00f3digo en el host.\"}]",
      "id": "CVE-2018-6973",
      "lastModified": "2024-11-21T04:11:30.703",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-08-15T12:29:00.587",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/105094\", \"source\": \"security@vmware.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041491\", \"source\": \"security@vmware.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.vmware.com/security/advisories/VMSA-2018-0022.html\", \"source\": \"security@vmware.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/105094\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1041491\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.vmware.com/security/advisories/VMSA-2018-0022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security@vmware.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-6973\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2018-08-15T12:29:00.587\",\"lastModified\":\"2024-11-21T04:11:30.703\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.\"},{\"lang\":\"es\",\"value\":\"VMware Workstation (en versiones 14.x anteriores a la 14.1.3) y Fusion (en versiones 10.x anteriores a la 10.1.3) contienen una vulnerabilidad de escritura fuera de l\u00edmites en el dispositivo e1000. Este problema puede permitir que un invitado ejecute c\u00f3digo en el host.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"10.0.0\",\"versionEndExcluding\":\"10.1.3\",\"matchCriteriaId\":\"AFD884A1-8F04-4B77-BF46-D074BAABE70A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndExcluding\":\"14.1.3\",\"matchCriteriaId\":\"BA96BDE8-8107-47E9-BF6C-6F742455FB07\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105094\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041491\",\"source\":\"security@vmware.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2018-0022.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/105094\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1041491\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2018-0022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2018-AVI-385

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des contournements provisoires (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Workstation versions 14.x antérieures à 14.1.3
VMware	N/A	VMware VC versions 6.5 antérieures à 6.5u2c
VMware	ESXi	VMware ESXi version 6.5 sans les correctifs de sécurité ESXi650-201808401-BG, ESXi650-201808402-BG et ESXi650-201808403-BG
VMware	N/A	vSphere Integrated Containers (VIC)
VMware	Fusion	VMware Fusion versions 10.x pour OS X antérieures à 10.1.3
VMware	ESXi	VMware ESXi version 5.5 sans les correctifs de sécurité ESXi550-201808401-BG, ESXi550-201808402-BG et ESXi550-201808403-BG
VMware	N/A	vRealize Automation (vRA)
VMware	ESXi	VMware ESXi version 6.0 sans les correctifs de sécurité ESXi600-201808401-BG, ESXi600-201808402-BG et ESXi600-201808403-BG
VMware	N/A	VMware VC versions 6.7 antérieures à 6.7.0d
VMware	N/A	VMware VC versions 5.5 antérieures à 5.5u3j
VMware	vCenter Server	vCenter Server (vCSA)
VMware	ESXi	VMware ESXi version 6.7 sans les correctifs de sécurité ESXi670-201808401-BG, ESXi670-201808402-BG et ESXi670-201808403-BG
VMware	N/A	VMware VC versions 6.0 antérieures à 6.0u3h
VMware	N/A	vSphere Data Protection (VDP)
VMware	N/A	vCloud Usage Meter (UM)
VMware	N/A	Identity Manager (vIDM)

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2018-0022 du 14 août 2018	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2018-0020 du 14 août 2018	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2018-0021 du 14 août 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Workstation versions 14.x ant\u00e9rieures \u00e0 14.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VC versions 6.5 ant\u00e9rieures \u00e0 6.5u2c",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 6.5 sans les correctifs de s\u00e9curit\u00e9 ESXi650-201808401-BG, ESXi650-201808402-BG et ESXi650-201808403-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Integrated Containers (VIC)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Fusion versions 10.x pour OS X ant\u00e9rieures \u00e0 10.1.3",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 5.5 sans les correctifs de s\u00e9curit\u00e9 ESXi550-201808401-BG, ESXi550-201808402-BG et ESXi550-201808403-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vRealize Automation (vRA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 6.0 sans les correctifs de s\u00e9curit\u00e9 ESXi600-201808401-BG, ESXi600-201808402-BG et ESXi600-201808403-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VC versions 6.7 ant\u00e9rieures \u00e0 6.7.0d",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VC versions 5.5 ant\u00e9rieures \u00e0 5.5u3j",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCenter Server (vCSA)",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 6.7 sans les correctifs de s\u00e9curit\u00e9 ESXi670-201808401-BG, ESXi670-201808402-BG et ESXi670-201808403-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VC versions 6.0 ant\u00e9rieures \u00e0 6.0u3h",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Data Protection (VDP)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCloud Usage Meter (UM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Identity Manager (vIDM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncontournements provisoires (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-6973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6973"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-385",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0022 du 14 ao\u00fbt 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0020 du 14 ao\u00fbt 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0020.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0021 du 14 ao\u00fbt 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0021.html"
    }
  ]
}

CERTFR-2018-AVI-385

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des contournements provisoires (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
VMware	N/A	VMware Workstation versions 14.x antérieures à 14.1.3
VMware	N/A	VMware VC versions 6.5 antérieures à 6.5u2c
VMware	ESXi	VMware ESXi version 6.5 sans les correctifs de sécurité ESXi650-201808401-BG, ESXi650-201808402-BG et ESXi650-201808403-BG
VMware	N/A	vSphere Integrated Containers (VIC)
VMware	Fusion	VMware Fusion versions 10.x pour OS X antérieures à 10.1.3
VMware	ESXi	VMware ESXi version 5.5 sans les correctifs de sécurité ESXi550-201808401-BG, ESXi550-201808402-BG et ESXi550-201808403-BG
VMware	N/A	vRealize Automation (vRA)
VMware	ESXi	VMware ESXi version 6.0 sans les correctifs de sécurité ESXi600-201808401-BG, ESXi600-201808402-BG et ESXi600-201808403-BG
VMware	N/A	VMware VC versions 6.7 antérieures à 6.7.0d
VMware	N/A	VMware VC versions 5.5 antérieures à 5.5u3j
VMware	vCenter Server	vCenter Server (vCSA)
VMware	ESXi	VMware ESXi version 6.7 sans les correctifs de sécurité ESXi670-201808401-BG, ESXi670-201808402-BG et ESXi670-201808403-BG
VMware	N/A	VMware VC versions 6.0 antérieures à 6.0u3h
VMware	N/A	vSphere Data Protection (VDP)
VMware	N/A	vCloud Usage Meter (UM)
VMware	N/A	Identity Manager (vIDM)

References

Title

Publication Time

Tags

Bulletin de sécurité VMware VMSA-2018-0022 du 14 août 2018	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2018-0020 du 14 août 2018	None	vendor-advisory
Bulletin de sécurité VMware VMSA-2018-0021 du 14 août 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "VMware Workstation versions 14.x ant\u00e9rieures \u00e0 14.1.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VC versions 6.5 ant\u00e9rieures \u00e0 6.5u2c",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 6.5 sans les correctifs de s\u00e9curit\u00e9 ESXi650-201808401-BG, ESXi650-201808402-BG et ESXi650-201808403-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Integrated Containers (VIC)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware Fusion versions 10.x pour OS X ant\u00e9rieures \u00e0 10.1.3",
      "product": {
        "name": "Fusion",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 5.5 sans les correctifs de s\u00e9curit\u00e9 ESXi550-201808401-BG, ESXi550-201808402-BG et ESXi550-201808403-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vRealize Automation (vRA)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 6.0 sans les correctifs de s\u00e9curit\u00e9 ESXi600-201808401-BG, ESXi600-201808402-BG et ESXi600-201808403-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VC versions 6.7 ant\u00e9rieures \u00e0 6.7.0d",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VC versions 5.5 ant\u00e9rieures \u00e0 5.5u3j",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCenter Server (vCSA)",
      "product": {
        "name": "vCenter Server",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware ESXi version 6.7 sans les correctifs de s\u00e9curit\u00e9 ESXi670-201808401-BG, ESXi670-201808402-BG et ESXi670-201808403-BG",
      "product": {
        "name": "ESXi",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "VMware VC versions 6.0 ant\u00e9rieures \u00e0 6.0u3h",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vSphere Data Protection (VDP)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "vCloud Usage Meter (UM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Identity Manager (vIDM)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncontournements provisoires (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-6973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6973"
    },
    {
      "name": "CVE-2018-3620",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3620"
    },
    {
      "name": "CVE-2018-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-3646"
    }
  ],
  "links": [],
  "reference": "CERTFR-2018-AVI-385",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-08-16T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0022 du 14 ao\u00fbt 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0020 du 14 ao\u00fbt 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0020.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2018-0021 du 14 ao\u00fbt 2018",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0021.html"
    }
  ]
}

GSD-2018-6973

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.

Aliases

CVE-2018-6973

Aliases

CVE-2018-6973

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-6973",
    "description": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.",
    "id": "GSD-2018-6973"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-6973"
      ],
      "details": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.",
      "id": "GSD-2018-6973",
      "modified": "2023-12-13T01:22:35.788664Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@vmware.com",
        "DATE_PUBLIC": "2018-08-14T00:00:00",
        "ID": "CVE-2018-6973",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Workstation",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "14.x before 14.1.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Fusion",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "10.x before 10.1.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "VMware"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Out-of-bounds write vulnerability"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1041491",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041491"
          },
          {
            "name": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html",
            "refsource": "CONFIRM",
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
          },
          {
            "name": "105094",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/105094"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.1.3",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.1.3",
                "versionStartExcluding": "10.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2018-6973"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
            },
            {
              "name": "1041491",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041491"
            },
            {
              "name": "105094",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/105094"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.0,
          "impactScore": 6.0
        }
      },
      "lastModifiedDate": "2018-10-15T18:35Z",
      "publishedDate": "2018-08-15T12:29Z"
    }
  }
}

GHSA-M7MH-M68X-WQXX

Vulnerability from github – Published: 2022-05-14 02:21 – Updated: 2022-05-14 02:21

Details

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.

Severity ?

8.8 (High)


                  
                    CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-6973"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-08-15T12:29:00Z",
    "severity": "HIGH"
  },
  "details": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.",
  "id": "GHSA-m7mh-m68x-wqxx",
  "modified": "2022-05-14T02:21:28Z",
  "published": "2022-05-14T02:21:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-6973"
    },
    {
      "type": "WEB",
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/105094"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041491"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-6973

Vulnerability from fkie_nvd - Published: 2018-08-15 12:29 - Updated: 2024-11-21 04:11

Severity ?

8.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Summary

VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host.

References

URL	Tags
security@vmware.com	http://www.securityfocus.com/bid/105094	Third Party Advisory, VDB Entry
security@vmware.com	http://www.securitytracker.com/id/1041491	Third Party Advisory, VDB Entry
security@vmware.com	https://www.vmware.com/security/advisories/VMSA-2018-0022.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/105094	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041491	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.vmware.com/security/advisories/VMSA-2018-0022.html	Vendor Advisory

Impacted products

	Vendor	Product	Version
	vmware	fusion	*
	vmware	workstation	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFD884A1-8F04-4B77-BF46-D074BAABE70A",
              "versionEndExcluding": "10.1.3",
              "versionStartExcluding": "10.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA96BDE8-8107-47E9-BF6C-6F742455FB07",
              "versionEndExcluding": "14.1.3",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host."
    },
    {
      "lang": "es",
      "value": "VMware Workstation (en versiones 14.x anteriores a la 14.1.3) y Fusion (en versiones 10.x anteriores a la 10.1.3) contienen una vulnerabilidad de escritura fuera de l\u00edmites en el dispositivo e1000. Este problema puede permitir que un invitado ejecute c\u00f3digo en el host."
    }
  ],
  "id": "CVE-2018-6973",
  "lastModified": "2024-11-21T04:11:30.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.0,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-08-15T12:29:00.587",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105094"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041491"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/105094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2018-19580

Vulnerability from cnvd - Published: 2018-09-20

Title

VMWare Workstation和Fusion e1000缓冲区溢出漏洞

Description

VMWare Workstation和Fusion都是美国威睿（VMware）公司的桌面虚拟计算机软件，前者提供可以同时运行多个不同的操作系统的虚拟机功能，后者是用于在苹果机（Mac）上运行Windows应用程序的虚拟机软件。e1000是其中的一个虚拟网卡设备。 VMware Workstation 14.1.3之前的14.x版本和Fusion 10.1.3之前的10.x版本中的e1000存在缓冲区溢出漏洞，攻击者可利用该漏洞执行代码（越界写入）。

Severity

中

Patch Name

VMWare Workstation和Fusion e1000缓冲区溢出漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.vmware.com/security/advisories/VMSA-2018-0022.html

Reference

https://www.vmware.com/security/advisories/VMSA-2018-0022.html

Impacted products

Name
['VMware Workstation 14.，<14.1.3', 'VMware Fusion 10.，<10.1.3']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6973"
    }
  },
  "description": "VMWare Workstation\u548cFusion\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u684c\u9762\u865a\u62df\u8ba1\u7b97\u673a\u8f6f\u4ef6\uff0c\u524d\u8005\u63d0\u4f9b\u53ef\u4ee5\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u4e0d\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u7684\u865a\u62df\u673a\u529f\u80fd\uff0c\u540e\u8005\u662f\u7528\u4e8e\u5728\u82f9\u679c\u673a\uff08Mac\uff09\u4e0a\u8fd0\u884cWindows\u5e94\u7528\u7a0b\u5e8f\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002e1000\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u865a\u62df\u7f51\u5361\u8bbe\u5907\u3002\r\n\r\nVMware Workstation 14.1.3\u4e4b\u524d\u768414.x\u7248\u672c\u548cFusion 10.1.3\u4e4b\u524d\u768410.x\u7248\u672c\u4e2d\u7684e1000\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\uff08\u8d8a\u754c\u5199\u5165\uff09\u3002",
  "discovererName": "unknown",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.vmware.com/security/advisories/VMSA-2018-0022.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-19580",
  "openTime": "2018-09-20",
  "patchDescription": "VMWare Workstation\u548cFusion\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u684c\u9762\u865a\u62df\u8ba1\u7b97\u673a\u8f6f\u4ef6\uff0c\u524d\u8005\u63d0\u4f9b\u53ef\u4ee5\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u4e0d\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u7684\u865a\u62df\u673a\u529f\u80fd\uff0c\u540e\u8005\u662f\u7528\u4e8e\u5728\u82f9\u679c\u673a\uff08Mac\uff09\u4e0a\u8fd0\u884cWindows\u5e94\u7528\u7a0b\u5e8f\u7684\u865a\u62df\u673a\u8f6f\u4ef6\u3002e1000\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u865a\u62df\u7f51\u5361\u8bbe\u5907\u3002\r\n\r\nVMware Workstation 14.1.3\u4e4b\u524d\u768414.x\u7248\u672c\u548cFusion 10.1.3\u4e4b\u524d\u768410.x\u7248\u672c\u4e2d\u7684e1000\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4ee3\u7801\uff08\u8d8a\u754c\u5199\u5165\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMWare Workstation\u548cFusion e1000\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMware Workstation 14.*\uff0c\u003c14.1.3",
      "VMware Fusion 10.*\uff0c\u003c10.1.3"
    ]
  },
  "referenceLink": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html",
  "serverity": "\u4e2d",
  "submitTime": "2018-08-17",
  "title": "VMWare Workstation\u548cFusion e1000\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-6973 (GCVE-0-2018-6973)

CERTFR-2018-AVI-385

Solution

Contournement provisoire

CERTFR-2018-AVI-385

Solution

Contournement provisoire

GSD-2018-6973

GHSA-M7MH-M68X-WQXX

FKIE_CVE-2018-6973

CNVD-2018-19580

Tags

Sightings

Nomenclature