CVE-2018-6969

7HIGH

Key Information:

Vendor: Vmware
Status: Vmware Tools
Vendor: CVE Published:; 12 July 2018

Summary

VMware Tools (10.x and prior before 10.3.0) contains an out-of-bounds read vulnerability in HGFS. Successful exploitation of this issue may lead to information disclosure or may allow attackers to escalate their privileges on the guest VMs. In order to be able to exploit this issue, file sharing must be enabled.

Affected Version(s)

VMware Tools 10.x and prior before 10.3.0

References

http://www.securitytracker.com/id/1041291

vdb-entryx_refsource_SECTRACK

https://www.vmware.com/security/advisories/VMSA-2018-0017...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/104737

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 12, 2018
Vulnerability Reserved
Feb 14, 2018

.