CVE-2018-6972

Summary

VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs.

Affected Software

VendorProductVersion RangeStatus
VMwareESXi6.7 before ESXi670-201806401-BGaffected
VMwareESXi6.5 before ESXi650-201806401-BGaffected
VMwareESXi6.0 before ESXi600-201806401-BGaffected
VMwareESXi5.5 before ESXi550-201806401-BGaffected
VMwareWorkstation14.x before 14.1.2affected
VMwareFusion10.x before 10.1.2affected

Weaknesses

  • Denial-of-service vulnerability

ADP Enrichment

CVE Program Container

Additional References

References