CVE-2018-6981

HIGH

VMware Workstation 14.0.0-14.1.3 & Fusion 10.0.0-10.1.3 - Uninitialized Memory Usage in vmxnet3

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6981. PoCs published by LxKxC.

AI-analyzed exploit summary This repository contains a Python script that scans vSphere environments for virtual machines using the vmxnet3 adapter, which are vulnerable to CVE-2018-6981 and CVE-2018-6982. It enumerates ESXi hosts and VMs, flagging those that require patching based on their versions.

Description

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG, VMware ESXi 6.0 without ESXi600-201811401-BG, VMware Workstation 15, VMware Workstation 14.1.3 or below, VMware Fusion 11, VMware Fusion 10.1.3 or below contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may allow a guest to execute code on the host.

Exploits (1)

nomisec SCANNER

by LxKxC · poc

https://github.com/LxKxC/vmxnet3Hunter

View Code ZIP pw:eip

This repository contains a Python script that scans vSphere environments for virtual machines using the vmxnet3 adapter, which are vulnerable to CVE-2018-6981 and CVE-2018-6982. It enumerates ESXi hosts and VMs, flagging those that require patching based on their versions.

Classification

Scanner 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: VMware vSphere (ESXi 6.0+, vCenter)

Auth required

Prerequisites: Valid vCenter credentials · Network access to vCenter servers · List of vCenter IPs

MITRE ATT&CK

T1082 - System Information Discovery T1040 - Network Sniffing

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1042055

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/105881

Vendor Advisory x_refsource_confirm

https://www.vmware.com/security/advisories/VMSA-2018-0027.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1042054

Scores

CVSS v3 8.8

EPSS 0.0685

EPSS Percentile 91.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE

CWE-908

Status published

Products (1)

vmware/esxi 6.0 (50 CPE variants)

Published Dec 04, 2018

Tracked Since Feb 18, 2026