Out-of-Bounds Read Vulnerability in VMware Tools Affects Guests
CVE-2018-6969

7HIGH

Key Information:

Vendor: Vmware
Status: Vmware Tools
Vendor: CVE Published:; 12 July 2018

What is CVE-2018-6969?

VMware Tools versions prior to 10.3.0 are susceptible to an out-of-bounds read vulnerability in the HGFS component. This vulnerability occurs when file sharing is enabled, potentially allowing attackers to access sensitive information or escalate their privileges on the affected guest virtual machines. Proper mitigation steps should be taken to secure affected systems and minimize risk.

Affected Version(s)

VMware Tools 10.x and prior before 10.3.0

References

http://www.securitytracker.com/id/1041291

vdb-entryx_refsource_SECTRACK

https://www.vmware.com/security/advisories/VMSA-2018-0017...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104737

vdb-entryx_refsource_BID

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 12, 2018
Vulnerability Reserved
Feb 14, 2018

Vmware

What is CVE-2018-6969?

Affected Version(s)

References

CVSS V3.1

Timeline