CVE-2018-6957

CWE-7725 documents4 sources
Severity
5.3MEDIUM
EPSS
0.4%
top 40.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Vmware FusionVmware Workstation PlayerVmware Workstation PRO+1 more
Timeline
PublishedMar 15
Latest updateMay 13

Description

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages5 packages

NVDvmware/fusion10.010.1.1+14
NVDvmware/workstation_pro14.014.1.1+12
NVDvmware/workstation_player14.014.1.1+12
CVEListV5vmware/fusion10.x before 10.1.1, 8.x+1
CVEListV5vmware/workstation12.x, 14.x before 14.1.1+1

🔴Vulnerability Details

2
GHSA
GHSA-vxf5-fpm2-g9fg: VMware Workstation (142022-05-13
CVEList
CVE-2018-6957: VMware Workstation (142018-03-15

🕵️Threat Intelligence

2
Talos
Vulnerability Spotlight: VMWare VNC Vulnerabilities2017-12-19
Talos
Vulnerability Spotlight: VMWare VNC Vulnerabilities2017-12-19
CVE-2018-6957 (MEDIUM CVSS 5.3) | VMware Workstation (14.x before 14. | cvebase.io