Описание
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.
Ссылки
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 8.0 (включая) до 8.5.10 (исключая)Версия от 10.0 (включая) до 10.1.1 (исключая)
Одновременно
Одно из
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
Конфигурация 2Версия от 12.0 (включая) до 12.5.9 (исключая)Версия от 14.0 (включая) до 14.1.1 (исключая)
Одно из
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00047
Низкий
7 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-190
Связанные уязвимости
CVSS3: 7
github
больше 3 лет назад
VMware Workstation and Fusion contain an integer overflow vulnerability in VMware NAT service when IPv6 mode is enabled. This issue may lead to an out-of-bound read which can then be used to execute code on the host in conjunction with other issues. Note: IPv6 mode for VMNAT is not enabled by default.
EPSS
Процентиль: 15%
0.00047
Низкий
7 High
CVSS3
6.9 Medium
CVSS2
Дефекты
CWE-190