PT-2019-2596 · Vmware · Vmware Esxi+2
Fluoroacetate
·
Published
2019-03-28
·
Updated
2020-08-24
·
CVE-2019-5519
CVSS v2.0
7.2
High
| Vector | AV:L/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 6.7 before ESXi670-201903001
VMware ESXi versions 6.5 before ESXi650-201903001
VMware ESXi versions 6.0 before ESXi600-201903001
VMware Workstation versions 15.x before 15.0.4
VMware Workstation versions 14.x before 14.1.7
VMware Fusion versions 11.x before 11.0.3
VMware Fusion versions 10.x before 10.1.6
Description
The issue is related to a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI. This vulnerability may allow a guest to execute code on the host. Exploitation requires an attacker to have access to a virtual machine with a virtual USB controller present. The vulnerability is also described as a race condition, which may allow an attacker to execute arbitrary code using the virtual USB controller.
Recommendations
For VMware ESXi versions 6.7 before ESXi670-201903001, update to ESXi670-201903001 or later.
For VMware ESXi versions 6.5 before ESXi650-201903001, update to ESXi650-201903001 or later.
For VMware ESXi versions 6.0 before ESXi600-201903001, update to ESXi600-201903001 or later.
For VMware Workstation versions 15.x before 15.0.4, update to 15.0.4 or later.
For VMware Workstation versions 14.x before 14.1.7, update to 14.1.7 or later.
For VMware Fusion versions 11.x before 11.0.3, update to 11.0.3 or later.
For VMware Fusion versions 10.x before 10.1.6, update to 10.1.6 or later.
Fix
Race Condition
Buffer Overflow
Time Of Check To Time Of Use
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Vmware Esxi
Vmware Fusion
Vmware Workstation