VMware Issues Security Advisory for Guest-to-Host Escape Vulnerability (CVE-2018-6981)
VMware issued an advisory about two uninitialized stack memory usage bugs and has released patches and updates for some versions of the affected software.
Contexte
On November 9, VMware published a security advisory to address a Guest-to-Host Escape vulnerability affecting VMware ESXi, Workstation and Fusion. The vulnerability was discovered and released by a security researcher at GeekPwn 2018, an annual security conference in Shanghai, China which took place in late October 2018. The researcher reported the vulnerability to VMware through GeekPwn.
Source: @ChaitinTech on Twitter.
Vulnerability details
According to VMware’s Security Advisory, Zhangyanyu of Chaitin Tech reported two uninitialized stack memory usage bugs (CVE-2018-6981 and CVE-2018-6982) in the vmxnet3 virtual network adapter used in VMware. VMware notes that the vulnerability does not affect non-vmxnet3 virtual network adapters.
Exploitation of CVE-2018-6981 can lead to a guest-to-host escape, allowing the guest to execute code on the host, while exploitation of CVE-2018-6982 can lead to information disclosure from host to guest. In a tweet that includes a video demonstration of the exploit, Chaitin Tech asserts that this is the first time that anyone has escaped VMware EXSi and obtained a root shell on the host.
Urgently required actions
VMware’s Security Advisory includes patch availability details for consumers and businesses. Tenable’s Security Response team strongly encourages patching VMware ESXi versions and upgrading VMware Workstation and VMware Fusion using the table below:
Source : VMware Security Advisory
Identification des systèmes affectés
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
Où trouver plus d'informations
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.
Articles connexes
CVE-2024-47575: Frequently Asked Questions About FortiJump Zero-Day in FortiManager and FortiManager Cloud
October 23, 2024Frequently asked questions about a zero-day vulnerability in Fortinet’s FortiManager that has reportedly been exploited in the wild.
From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25
October 22, 2024Twenty five years after the launch of CVE, the Tenable Security Response Team has handpicked 25 vulnerabilities that stand out for their significance.
Oracle October 2024 Critical Patch Update Addresses 198 CVEs
October 15, 2024Oracle addresses 198 CVEs in its fourth quarterly update of 2024 with 334 patches, including 35 critical updates.
Securing Financial Data in the Cloud: How Tenable Can Help
November 4, 2024Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.
Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security
November 1, 2024Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.
- Vulnerability Management
- Vulnerability Scanning