VMware has announced two critical vulnerabilities affecting multiple VMware products. CVE-2018-6981 and CVE-2018-6982 reference a guest-to-host escape, and a potential information leak between the host machine and the guest machine. Threat actors could exploit these vulnerabilities to execute code from a guest host machine, gaining root access on the host machine. Exploitation of these vulnerabilities requires either local access or a previous separate exploit to gain remote access. At the time of publishing, no known attacks using these vulnerabilities have been identified in the wild.
What we’re doing about it
- The eSentire Threat Intelligence Team will continue to monitor for more technical details of the exploit to determine detection strategies
- Current esRECON checks identify VMware related vulnerabilities, and will be updated to assist in identifying these specific vulnerabilities
What you should do about it
- After performing a business impact review, apply the VMware security patches 
Systems are only vulnerable to exploitation if they have vmxnet3 virtual adapters enabled. The security patches released address uninitialized stack memory usage.
Affected VMware products:
- VMware vSphere ESXi (ESXi)
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro, Fusion (Fusion)
Please see the official VMware statement for additional technical details and required patches .