CVE-2018-3646 VMware vCenter Server 6.5 Update 6.5 2c missing (VMSA-2018-0020)

漏洞类别:VMware

漏洞等级: 

漏洞信息

VMware vCenter is the centralized management tool for the vSphere suite.
VMware vCenter is affected by the following vulnerability:
This issue may allow a malicious VM running on a given CPU core to effectively read the hypervisor or another VM privileged information that resides sequentially or concurrently in the same core L1 Data cache.

QID Detection Logic (Unauthenticated):
This QID checks for vulnerable version of vCenter.

漏洞危害

Successful exploitation allows unauthorized disclosure of information.

解决方案

VMware has issued a fix.
Please refer to VMSA-2018-0020 for further details.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

VMSA-2018-0020

Leave a Reply