
Rewterz Threat Advisory – CVE-2018-6973 and CVE-2018-3646 VMware Workstation Player Multiple Vulnerabilities

August 16, 2018

Multiple vulnerabilities have been found in VMware Workstation and Fusion that may result in disclosure of sensitive information and bypass of security restrictions, including code execution on the host from a guest.

 

IMPACT:  CRITICAL

PUBLISH DATE:  15-08-2018

 

OVERVIEW

The vulnerabilities affect VMware ESXi, Workstation and Fusion. One may allow an attacker with local user access inside a guest to read potentially sensitive information left in the processor's L1 data cache by the hypervisor or by another virtual machine. The other may allow a guest to bypass the guest/host boundary and execute code on the host.

 

 

BACKGROUND INFORMATION

CVE-2018-6973 is an out-of-bounds write in the emulated e1000 network device of VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3). A malicious guest that can drive the virtual NIC may exploit it to execute code on the host.
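The affected ranges above are the only actionable fact the advisory gives for CVE-2018-6973, so the first practitioner step is an inventory check. The following is an added example written for this advisory, not VMware tooling: it parses a version banner and compares it against the fixed versions quoted above. The assumed input format is the banner printed by `vmware -v` on a Linux Workstation host ("VMware Workstation 14.1.2 build-NNNNNNN"), or an equivalent "VMware Fusion 10.1.2" string supplied by hand for a macOS host; the sample banners and build numbers are constructed.

```python
"""Check a VMware Workstation / Fusion version banner against the CVE-2018-6973
affected ranges quoted in this advisory.

Added example for this advisory; not VMware tooling. Assumed input: the banner
printed by `vmware -v` on a Linux Workstation host, or a hand-supplied
"VMware Fusion <version>" string for macOS hosts.
"""
import re

# Affected branch -> first fixed version, per the advisory (VMSA-2018-0021):
# Workstation 14.x before 14.1.3, Fusion 10.x before 10.1.3.
FIXED_IN = {
    "Workstation": {14: (14, 1, 3)},
    "Fusion": {10: (10, 1, 3)},
}

BANNER_RE = re.compile(
    r"VMware\s+(Workstation(?:\s+(?:Pro|Player))?|Fusion)\s+(\d+(?:\.\d+)*)(?:\s+build-(\d+))?",
    re.IGNORECASE,
)


def parse_banner(banner):
    """Return (product, version_tuple, build_or_None) from a version banner."""
    m = BANNER_RE.search(banner)
    if not m:
        raise ValueError(f"unrecognised VMware version banner: {banner!r}")
    # Workstation Pro and Workstation Player share the 14.x fix version.
    product = "Workstation" if m.group(1).lower().startswith("workstation") else "Fusion"
    version = tuple(int(part) for part in m.group(2).split("."))
    build = int(m.group(3)) if m.group(3) else None
    return product, version, build


def cve_2018_6973_status(banner):
    """Classify a host as 'affected', 'fixed' or 'unlisted' for CVE-2018-6973.

    'unlisted' means the major branch is not one the advisory enumerates
    (e.g. Workstation 12.x), so this check says nothing about it.
    """
    product, version, _ = parse_banner(banner)
    fixed = FIXED_IN[product].get(version[0])
    if fixed is None:
        return "unlisted"
    # Tuple comparison handles short versions: (14, 1) < (14, 1, 3) is True.
    return "affected" if version < fixed else "fixed"


# Constructed sample banners; build numbers are placeholders, not real releases.
SAMPLE_BANNERS = [
    "VMware Workstation 14.1.2 build-1234567",
    "VMware Workstation 14.1.3 build-1234568",
    "VMware Workstation Player 14.0.0 build-1234569",
    "VMware Fusion 10.1.2",
    "VMware Fusion 10.1.3",
    "VMware Workstation 12.5.9 build-1234570",
]

if __name__ == "__main__":
    for b in SAMPLE_BANNERS:
        print(f"{b:48s} -> {cve_2018_6973_status(b)}")
```

An "unlisted" result is deliberately not treated as "fixed": older branches are outside what the advisory states, so they need to be checked against VMware's own advisory rather than assumed safe.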

 

CVE-2018-3646 (L1 Terminal Fault – VMM) affects systems with Intel microprocessors that use speculative execution. It may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access and guest OS privilege, via a terminal page fault and side-channel analysis.

 

 

ANALYSIS

An error in the emulated e1000 network adapter can be exploited by a guest to cause an out-of-bounds write and subsequently execute arbitrary code on the host. CVE-2018-6973 affects VMware Workstation and Fusion.

 

Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.

CVE-2018-3646 may allow a malicious VM running on a given CPU core to read the hypervisor’s or another VM’s privileged information that resides, sequentially or concurrently, in the same core’s L1 data cache.

 

CVE-2018-3646 has two currently known attack vectors: “Sequential-Context” and “Concurrent-Context”.

 

Sequential-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a previous context (a hypervisor thread or another VM’s thread) that ran on either logical processor of the same physical core.

 

Concurrent-context attack vector: a malicious VM can potentially infer recently accessed L1 data of a concurrently executing context (a hypervisor thread or another VM’s thread) on the other logical processor of a Hyper-Threading-enabled processor core.

 

 

MITIGATION

The Sequential-context attack vector is mitigated by a vSphere update to the affected product versions. The mitigation depends on Intel microcode updates also being applied (provided in separate ESXi patches for most Intel hardware platforms); it is enabled by default and does not impose a significant performance impact.

 

The Concurrent-context attack vector is mitigated by enabling a new feature, the ESXi Side-Channel-Aware Scheduler, which stops threads of different VMs (or of a VM and the hypervisor) from sharing a core’s sibling hyperthreads. Because this feature may impose a significant performance impact, it is not enabled by default; it is turned on through the VMkernel.Boot.hyperthreadingMitigation advanced setting (VMware KB 55806) and takes effect after a host reboot.
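The two vectors above map onto two separate mitigations, and a host can have one without the other. The following is an added example written for this advisory, not VMware or Linux tooling: it reads the Linux kernel's L1TF status line from /sys/devices/system/cpu/vulnerabilities/l1tf (present on 4.19+ and patched stable kernels), splits it into the kernel's L1D-flush and SMT fields, and reports which of the Sequential-context and Concurrent-context vectors is still open. The "VMX:" field describes the kernel's own KVM hypervisor, so this is the right check for a Linux/KVM host; for an ESXi host the evidence is the applied patch level plus the hyperthreadingMitigation setting, which this script does not read. The sample status lines are constructed in the kernel's format, not captured from a real host.

```python
"""Map the Linux kernel's L1TF status report onto the two CVE-2018-3646 attack
vectors in this advisory (Sequential-context and Concurrent-context).

Added example for this advisory; not VMware or Linux tooling. It parses
/sys/devices/system/cpu/vulnerabilities/l1tf, whose "VMX:" part describes the
kernel's KVM hypervisor (not an ESXi or Workstation VMM).
"""
from pathlib import Path

L1TF_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")

# L1D-flush states that close the sequential-context vector: a flush on VM entry
# (always or conditional), a CPU that does not need one, or EPT disabled (without
# EPT a guest cannot trigger a terminal fault against host page-table entries).
SEQUENTIAL_CLOSED = {"cache flushes", "conditional cache flushes",
                     "flush not necessary", "EPT disabled"}


def read_l1tf_status(path=L1TF_SYSFS):
    """Return the kernel's L1TF status line, or None if the kernel does not report one."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


def assess_l1tf(status):
    """Classify one status line into a verdict per attack vector.

    Vector values are 'mitigated', 'exposed', 'unknown' or 'n/a'.
    """
    verdict = {"status": status, "affected": True,
               "sequential_context": "exposed", "concurrent_context": "exposed"}
    if status is None:
        verdict.update(affected=None, sequential_context="unknown", concurrent_context="unknown")
        return verdict
    if status == "Not affected":
        verdict.update(affected=False, sequential_context="n/a", concurrent_context="n/a")
        return verdict
    if status == "Vulnerable":
        return verdict  # PTE Inversion switched off: nothing is mitigated
    if "; VMX: " not in status:
        # PTE Inversion active but KVM not loaded: no hypervisor vectors to assess.
        verdict.update(sequential_context="n/a", concurrent_context="n/a")
        return verdict
    vmx = status.split("; VMX: ", 1)[1]
    # Kernel format: "<flush state>" or "<flush state>, SMT <vulnerable|disabled>".
    flush_state, _, smt_state = vmx.partition(", SMT ")
    if flush_state in SEQUENTIAL_CLOSED:
        verdict["sequential_context"] = "mitigated"
    if flush_state == "EPT disabled" or smt_state == "disabled":
        verdict["concurrent_context"] = "mitigated"
    return verdict


def remaining_actions(verdict):
    """Translate a verdict into the advisory's remediation steps still outstanding."""
    actions = []
    if verdict["sequential_context"] in ("exposed", "unknown"):
        actions.append("apply hypervisor update plus Intel microcode (L1D flush on VM entry)")
    if verdict["concurrent_context"] in ("exposed", "unknown"):
        actions.append("disable SMT or enable an SMT-aware scheduler")
    return actions


# Constructed sample lines in the kernel's own format (not captured from a real host).
SAMPLE_STATUS = [
    "Not affected",
    "Vulnerable",
    "Mitigation: PTE Inversion",
    "Mitigation: PTE Inversion; VMX: vulnerable",
    "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "Mitigation: PTE Inversion; VMX: cache flushes, SMT disabled",
    "Mitigation: PTE Inversion; VMX: EPT disabled",
]

if __name__ == "__main__":
    for line in [read_l1tf_status()] + SAMPLE_STATUS:
        v = assess_l1tf(line)
        print(f"{str(line):75s} seq={v['sequential_context']:9s} "
              f"conc={v['concurrent_context']:9s} todo={remaining_actions(v)}")
```

The common post-patch state is "conditional cache flushes, SMT vulnerable": the sequential vector is closed by microcode plus the L1D flush, while the concurrent vector stays open until SMT is disabled or an SMT-aware scheduler is turned on, which is exactly the default-off trade-off the advisory describes for ESXi.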

 

The following updates include Hypervisor-Specific Mitigations for L1 Terminal Fault – VMM.

 

 

UPDATES

For CVE-2018-3646, the following products need to be updated to the patched versions listed in the table.

 

 

 

The update details for products affected by CVE-2018-6973 are listed below:

 

 

 

Update the affected products to the versions listed in the advisory. If you believe you are the victim of a cyber-security attack, immediately send an email to info@rewterz.com for a rapid response.

COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.