Recently, VMware patched critical vulnerability affecting its Workstation and Fusion software. The bug could allegedly allow an attacker to execute code on target machines. VMware warns users to update their devices with patched versions so as to remain secured from hacks involving exploitation of this bug.
Integer Overflow Vulnerability Discovered In Workstation And Fusion Network Devices
As disclosed in their latest security advisory, VMware patched critical vulnerability affecting its Workstation and Fusion network devices. The vulnerability existed in the software packages. It could allegedly let an attacker execute malicious codes on targeted devices.
Reportedly, a researcher named Tianwen Tang from the Qihoo 360Vulcan Team discovered a critical integer overflow bug that made the devices vulnerable to cyber attacks. He presented his discovery at the cybersecurity contest TianfuCup 2018 recently held in China.
As stated in the VMware advisory,
VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.
The bug has received critical severity ratings with CVE number CVE-2018-6983. Presently, no workaround or mitigation is available to address this vulnerability.
VMware Patched Critical Vulnerability In The Latest Software Versions
The integer overflow vulnerability referred herewith allegedly affected Workstation 14.x and 15.x running on the platform. Whereas, in the case of Fusion, the bug was viable in versions 10.x and 11.x running on OS X.
VMware has released patches for the flaw in the following software versions. Thus the users of Workstation 14.x and 15.x should update their devices to the patched versions 14.1.5 and 15.0.2 respectively. While the users of Fusion 10.x and 11.x should upgrade to the versions 10.1.5 and 11.0.2 respectively.
The recent advisory comes right after the vSphere Data Protection (VDP) updates that addressed numerous security vulnerabilities including a critical remote code execution bug.