PT-2019-2595 · Vmware · Vmware Esxi+2
Fluoroacetate
·
Published
2019-03-28
·
Updated
2020-08-24
·
CVE-2019-5518
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 6.7 before ESXi670-201903001
VMware ESXi versions 6.5 before ESXi650-201903001
VMware ESXi versions 6.0 before ESXi600-201903001
VMware Workstation versions 15.x before 15.0.4
VMware Workstation versions 14.x before 14.1.7
VMware Fusion versions 11.x before 11.0.3
VMware Fusion versions 10.x before 10.1.6
Description
The issue is related to an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI. Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This may allow a guest to execute code on the host.
Recommendations
For VMware ESXi versions 6.7 before ESXi670-201903001, update to ESXi670-201903001 or later.
For VMware ESXi versions 6.5 before ESXi650-201903001, update to ESXi650-201903001 or later.
For VMware ESXi versions 6.0 before ESXi600-201903001, update to ESXi600-201903001 or later.
For VMware Workstation versions 15.x before 15.0.4, update to 15.0.4 or later.
For VMware Workstation versions 14.x before 14.1.7, update to 14.1.7 or later.
For VMware Fusion versions 11.x before 11.0.3, update to 11.0.3 or later.
For VMware Fusion versions 10.x before 10.1.6, update to 10.1.6 or later.
Fix
Buffer Overflow
Memory Corruption
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vmware Esxi
Vmware Fusion
Vmware Workstation