KLA11304
Multiple vulnerabilities in VMware products
Обновлено: 08/10/2019
Дата обнаружения
14/08/2018
Уровень угрозы
Critical
Описание

Multiple vulnerabilities was found in VWware Workstation and Fusion. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A vulnerability in systems with microprocessors utilizing speculative execution and address translations can be exploited to bypass security restrictions and possible to obtain sensetive information via a terminal page fault and a side-channel analysis;
  2. An out-of-bounds write vulnerability can be exploited remotely to execute arbitrary code.
Пораженные продукты

VMware Workstation 14.x earlier than 14.1.3
VMware Fusion 10.x earlier than 10.1.3

Решение

Update to the latest version
Download Workstation

Первичный источник обнаружения
VMSA-2018-0020
VMSA-2018-0022
VMSA-2018-0026
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

SB 
[?]
Связанные продукты
VMware Workstation
VMware Fusion
CVE-IDS
CVE-2018-36465.8High
CVE-2018-69738.8Critical
CVE-2018-69740.0Unknown