CVE-2018-6957

MEDIUM

Vmware Workstation Pro < 14.1.1 - Resource Leak

Title source: rule

Description

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.

References (3)

Scores

CVSS v3 5.3
EPSS 0.0038
EPSS Percentile 59.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-772
Status published

Affected Products (41)

vmware/workstation_pro < 14.1.1
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_pro
vmware/workstation_player < 14.1.1
vmware/workstation_player
... and 26 more

Timeline

Published Mar 15, 2018
Tracked Since Feb 18, 2026