MATSCO SECURITY ADVISORY (12 NOV 2018)

In Cyber Security by Matsco Engineering Team


VMware has announced two critical vulnerabilities affecting multiple VMware products.
The following systems/technologies are affected:

 

  • VMware vSphere ESXi (ESXi)
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro, Fusion (Fusion)


CVE-2018-6981 and CVE-2018-6982 reference a guest-to-host escape, and a potential information leak between the host machine and the guest machine. VMware ESXi, Fusion and Workstation contain uninitialized stack memory usage in the vmxnet3 virtual network adapter.

This issue may allow a guest to execute code on the host. The issue is present if vmxnet3 is enabled. Non-vmxnet3 virtual adapters are not affected.
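Because exposure depends on whether a guest has a vmxnet3 adapter, a first triage step is to inventory which VM configurations enable one. The following is an added example, not part of the original advisory or any VMware tooling; it assumes the standard `.vmx` keys `ethernetN.present` and `ethernetN.virtualDev`, and the sample configuration is constructed.

```python
import re
import sys

# Matches .vmx lines such as: ethernet0.virtualDev = "vmxnet3"
_NIC_LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"([^"]*)"\s*$', re.IGNORECASE)

# Constructed sample .vmx content (not taken from a real system).
SAMPLE_VMX = """\
.encoding = "UTF-8"
displayName = "build-agent-01"
guestOS = "ubuntu-64"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet2.present = "FALSE"
ethernet2.virtualDev = "VMXNET3"
"""


def vmxnet3_adapters(vmx_text):
    """Return the names of present adapters whose device type is vmxnet3."""
    adapters = {}
    for line in vmx_text.splitlines():
        if line.lstrip().startswith("#"):  # skip commented-out settings
            continue
        match = _NIC_LINE.match(line)
        if not match:
            continue
        nic, key, value = match.group(1).lower(), match.group(2).lower(), match.group(3)
        adapters.setdefault(nic, {})[key] = value.strip().lower()
    # An adapter only counts if it is present AND explicitly set to vmxnet3.
    return sorted(
        nic for nic, cfg in adapters.items()
        if cfg.get("present") == "true" and cfg.get("virtualdev") == "vmxnet3"
    )


if __name__ == "__main__":
    # Usage: python check_vmxnet3.py path/to/vm1.vmx path/to/vm2.vmx
    if len(sys.argv) < 2:
        print("sample:", vmxnet3_adapters(SAMPLE_VMX))
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as handle:
            found = vmxnet3_adapters(handle.read())
        print(f"{path}: {', '.join(found) if found else 'no vmxnet3 adapter'}")
```

A VM listed here is only in scope for the advisory; whether its host is actually vulnerable still depends on the installed ESXi, Workstation or Fusion build.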

Threat actors could exploit these vulnerabilities to execute code from a guest machine, gaining root access on the host machine. Exploitation of these vulnerabilities requires either local access or a previous separate exploit to gain remote access.

At the time of publishing, no known attacks using these vulnerabilities have been identified in the wild.

For further information please Click Here

Matsco will be reaching out to clients who have regular maintenance to confirm or schedule maintenance as required.

Please contact the Matsco Solutions team using the details below if you would like any further information or would like to schedule maintenance.

support@matscosolutions.com

Beijing  +86 400 120 2782
Hong Kong  +852 8101 8418
London   +44 (0)20 7821 4950
New York  +1 866 446 9226
Singapore  +65 6100 1090
