Lucene search

[email protected]CVE-2019-5519

HistoryApr 01, 2019 - 9:30 p.m.

CVE-2019-5519

2019-04-0121:30:44

CWE-367

[email protected]

web.nvd.nist.gov

104

cve-2019-5519

vmware

esxi

workstation

fusion

toctou

vulnerability

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.8%

JSON

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

Affected configurations

NVD

Node

vmwarefusionRange10.0.0–10.1.6

vmwarefusionRange11.0.0–11.0.3

vmwareworkstationRange14.0.0–14.1.7

vmwareworkstationRange15.0.0–15.0.4

vmwareesxiMatch6.0-

vmwareesxiMatch6.0600-201811001

vmwareesxiMatch6.0600-201811401

vmwareesxiMatch6.5-

vmwareesxiMatch6.5650-201707101

vmwareesxiMatch6.5650-201707102

vmwareesxiMatch6.5650-201707103

vmwareesxiMatch6.5650-201707201

vmwareesxiMatch6.5650-201707202

vmwareesxiMatch6.5650-201707203

vmwareesxiMatch6.5650-201707204

vmwareesxiMatch6.5650-201707205

vmwareesxiMatch6.5650-201707206

vmwareesxiMatch6.5650-201707207

vmwareesxiMatch6.5650-201707208

vmwareesxiMatch6.5650-201707209

vmwareesxiMatch6.5650-201707210

vmwareesxiMatch6.5650-201707211

vmwareesxiMatch6.5650-201707212

vmwareesxiMatch6.5650-201707213

vmwareesxiMatch6.5650-201707214

vmwareesxiMatch6.5650-201707215

vmwareesxiMatch6.5650-201707216

vmwareesxiMatch6.5650-201707217

vmwareesxiMatch6.5650-201707218

vmwareesxiMatch6.5650-201707219

vmwareesxiMatch6.5650-201707220

vmwareesxiMatch6.5650-201707221

vmwareesxiMatch6.5650-201811001

vmwareesxiMatch6.5650-201811301

vmwareesxiMatch6.7-

vmwareesxiMatch6.7670-201810101

vmwareesxiMatch6.7670-201810102

vmwareesxiMatch6.7670-201810103

vmwareesxiMatch6.7670-201810201

vmwareesxiMatch6.7670-201810202

vmwareesxiMatch6.7670-201810203

vmwareesxiMatch6.7670-201810204

vmwareesxiMatch6.7670-201810205

vmwareesxiMatch6.7670-201810206

vmwareesxiMatch6.7670-201810207

vmwareesxiMatch6.7670-201810208

vmwareesxiMatch6.7670-201810209

vmwareesxiMatch6.7670-201810210

vmwareesxiMatch6.7670-201810211

vmwareesxiMatch6.7670-201810212

vmwareesxiMatch6.7670-201810213

vmwareesxiMatch6.7670-201810214

vmwareesxiMatch6.7670-201810215

vmwareesxiMatch6.7670-201810216

vmwareesxiMatch6.7670-201810217

vmwareesxiMatch6.7670-201810218

vmwareesxiMatch6.7670-201810219

vmwareesxiMatch6.7670-201810220

vmwareesxiMatch6.7670-201810221

vmwareesxiMatch6.7670-201810222

vmwareesxiMatch6.7670-201810223

vmwareesxiMatch6.7670-201810224

vmwareesxiMatch6.7670-201810225

vmwareesxiMatch6.7670-201810226

vmwareesxiMatch6.7670-201810227

vmwareesxiMatch6.7670-201810228

vmwareesxiMatch6.7670-201810229

vmwareesxiMatch6.7670-201810230

vmwareesxiMatch6.7670-201810231

vmwareesxiMatch6.7670-201810232

vmwareesxiMatch6.7670-201810233

vmwareesxiMatch6.7670-201810234

vmwareesxiMatch6.7670-201901401

vmwareesxiMatch6.7670-201901402

vmwareesxiMatch6.7670-201901403

CPENameOperatorVersion
vmware:fusionvmware fusionlt10.1.6
vmware:fusionvmware fusionlt11.0.3
vmware:workstationvmware workstationlt14.1.7
vmware:workstationvmware workstationlt15.0.4
vmware:esxivmware esxieq6.0
vmware:esxivmware esxieq6.5
vmware:esxivmware esxieq6.7

CPE	Name	Operator	Version
vmware:fusion	vmware fusion	lt	10.1.6
vmware:fusion	vmware fusion	lt	11.0.3
vmware:workstation	vmware workstation	lt	14.1.7
vmware:workstation	vmware workstation	lt	15.0.4
vmware:esxi	vmware esxi	eq	6.0
vmware:esxi	vmware esxi	eq	6.5
vmware:esxi	vmware esxi	eq	6.7

CNA Affected

[
  {
    "product": "VMware ESXi, Workstation, Fusion",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "ESXi 6.7 before ESXi670-201903001"
      },
      {
        "status": "affected",
        "version": "ESXi 6.5 before ESXi650-201903001"
      },
      {
        "status": "affected",
        "version": "ESXi 6.0 before ESXi600-201903001"
      },
      {
        "status": "affected",
        "version": "Workstation 15.x before 15.0.4"
      },
      {
        "status": "affected",
        "version": "Workstation 14.x before 14.1.7"
      },
      {
        "status": "affected",
        "version": "Fusion 11.x before 11.0.3"
      },
      {
        "status": "affected",
        "version": "Fusion 10.x before 10.1.6"
      }
    ]
  }
]