CVE-2018-6957

MEDIUM

Vmware Workstation Pro < 14.1.1 - Resource Leak

Title source: rule

Description

VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before 10.1.1 and 8.x) contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. Note: In order for exploitation to be possible on Workstation and Fusion, VNC must be manually enabled.

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/103431

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1040539

[Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2018-0008.html

Scores

CVSS v3 5.3

EPSS 0.0038

EPSS Percentile 59.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-772

Status published

Products (41)

vmware/fusion 8.0

vmware/fusion 8.0.1

vmware/fusion 8.0.2

vmware/fusion 8.1

vmware/fusion 8.1.1

vmware/fusion 8.5

vmware/fusion 8.5.1

vmware/fusion 8.5.2

vmware/fusion 8.5.3

vmware/fusion 8.5.4

... and 31 more

Published Mar 15, 2018

Tracked Since Feb 18, 2026