CVE-2018-6969

low-risk

Published 2018-07-13

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.

Do I need to act?

0.07% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (1)

Tools

Affected Vendors

Vmware

References (6)

Third Party Advisory http://www.securityfocus.com/bid/104737

Third Party Advisory http://www.securitytracker.com/id/1041291

Patch https://www.vmware.com/security/advisories/VMSA-2018-0017.html

Third Party Advisory http://www.securityfocus.com/bid/104737

Third Party Advisory http://www.securitytracker.com/id/1041291

Patch https://www.vmware.com/security/advisories/VMSA-2018-0017.html

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal