CVE-2018-6947

Name: CVE-2018-6947
Creator: NVD / NIST
Published: 2018-02-28T22:29:00.653+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.21%

Last modified Jun 17, 2026

CVE-2018-6947 is a vulnerability of currently unknown severity. An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.. EPSS estimates a 3.21% chance of exploitation in the next 30 days.

Description

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.

Metrics

EPSS Probability

3.21%

86.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-665

Affected Software

Vendor	Product	Versions
Nomachine	Nomachine	<= 6.0.66_2
Microsoft	Windows 10	All versions
Microsoft	Windows 7	All versions
Microsoft	Windows 8	All versions

References

https://www.exploit-db.com/exploits/44167/Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/44168/Third Party Advisory, VDB Entry
https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/Third Party Advisory
https://www.nomachine.com/SU02P00194Vendor Advisory
https://www.nomachine.com/SU02P00195Vendor Advisory
https://www.nomachine.com/TR02P08408Vendor Advisory
https://www.exploit-db.com/exploits/44167/Third Party Advisory, VDB Entry
https://www.exploit-db.com/exploits/44168/Third Party Advisory, VDB Entry
https://www.fidusinfosec.com/nomachine-road-code-execution-without-fuzzing-cve-2018-6947/Third Party Advisory
https://www.nomachine.com/SU02P00194Vendor Advisory
https://www.nomachine.com/SU02P00195Vendor Advisory
https://www.nomachine.com/TR02P08408Vendor Advisory

Timeline

Published: Feb 28, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-6947?

How severe is CVE-2018-6947?

Severity scoring for CVE-2018-6947 is pending analysis. The EPSS model estimates a 3.21% probability of exploitation in the next 30 days.

How do I fix CVE-2018-6947?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-6947?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST