CVE-2018-6969

CWE-125Out-of-bounds Read7 documents5 sources
Severity
7.0HIGH
EPSS
0.1%
top 77.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware ToolsVmware Vmware Tools
Timeline
PublishedJul 13
Latest updateMay 14

Description

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

NVDvmware/tools< 10.3.0
CVEListV5vmware/vmware_tools10.x and prior before 10.3.0

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-qc3q-9h28-r994: VMware Tools (102022-05-14
CVEList
CVE-2018-6969: VMware Tools (102018-07-13

📋Vendor Advisories

1
Red Hat
open-vm-tools: Out-of-bounds read in HGFS allows for information disclosure or potential privilege escalation2018-07-16

💬Community

3
Bugzilla
CVE-2018-6969 open-vm-tools: Out-of-bounds read in HGFS allows for information disclosure or potential privilege escalation [fedora-all]2018-07-19
Bugzilla
CVE-2018-6969 open-vm-tools: Out-of-bounds read in HGFS allows for information disclosure or potential privilege escalation2018-07-19
Bugzilla
CVE-2018-6969 open-vm-tools: Out-of-bounds read in HGFS allows for information disclosure or potential privilege escalation [epel-6]2018-07-19
CVE-2018-6969 (HIGH CVSS 7) | VMware Tools (10.x and prior before | cvebase.io