CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
94.2%
The version of VMware Fusion installed on the remote macOS or Mac OS X host is 10.x prior to 10.1.6 or 11.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities, including:
An out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host. (CVE-2019-5518, CVE-2019-5519)
An out-of-bounds write vulnerability in the e1000 virtual network adapter. This issue may allow a guest to execute code on the host. (CVE-2019-5524)
An out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest. (CVE-2019-5515)
A security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines. (CVE-2019-5514)
Note that CVE-2019-5524 only applies to VMware Fusion 10.x.
Note that CVE-2019-5514 only applies to VMware Fusion 11.x
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(123517);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");
script_cve_id(
"CVE-2019-5514",
"CVE-2019-5515",
"CVE-2019-5518",
"CVE-2019-5519",
"CVE-2019-5524"
);
script_xref(name:"VMSA", value:"2019-0005");
script_xref(name:"IAVA", value:"2019-A-0099");
script_xref(name:"CEA-ID", value:"CEA-2019-0190");
script_name(english:"VMware Fusion 10.x < 10.1.6 / 11.x < 11.0.3 Multiple Vulnerabilities (VMSA-2019-0005) (macOS)");
script_set_attribute(attribute:"synopsis", value:
"A virtualization application installed on the remote macOS or Mac OS X
host is affected by an uninitialized stack memory usage vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of VMware Fusion installed on the remote macOS or
Mac OS X host is 10.x prior to 10.1.6 or 11.x prior to 11.0.3. It is,
therefore, affected by multiple vulnerabilities, including:
- An out-of-bounds read/write vulnerability and a Time-of-check
Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI
(Universal Host Controller Interface). Exploitation of these
issues requires an attacker to have access to a virtual machine
with a virtual USB controller present. These issues may allow a
guest to execute code on the host. (CVE-2019-5518, CVE-2019-5519)
- An out-of-bounds write vulnerability in the e1000 virtual network
adapter. This issue may allow a guest to execute code on the
host. (CVE-2019-5524)
- An out-of-bounds write vulnerability in the e1000 and e1000e
virtual network adapters. Exploitation of this issue may lead to
code execution on the host from the guest but it is more likely
to result in a denial of service of the guest. (CVE-2019-5515)
- A security vulnerability due to certain unauthenticated APIs
accessible through a web socket. An attacker may exploit this
issue by tricking the host user to execute a JavaScript to
perform unauthorized functions on the guest machine where VMware
Tools is installed. This may further be exploited to execute
commands on the guest machines. (CVE-2019-5514)
Note that CVE-2019-5524 only applies to VMware Fusion 10.x.
Note that CVE-2019-5514 only applies to VMware Fusion 11.x");
script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-20189-0005.html");
script_set_attribute(attribute:"solution", value:
"Upgrade to VMware Fusion version 10.1.6, 11.0.3, or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5524");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/28");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MacOS X Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("macosx_fusion_detect.nasl");
script_require_keys("Host/local_checks_enabled", "installed_sw/VMware Fusion");
exit(0);
}
include("vcf.inc");
app_info = vcf::get_app_info(app:"VMware Fusion");
vcf::check_granularity(app_info:app_info, sig_segments:2);
constraints = [
{ "min_version" : "10", "fixed_version" : "10.1.6" },
{ "min_version" : "11", "fixed_version" : "11.0.3" }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5514
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5518
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5519
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5524
www.vmware.com/security/advisories/VMSA-20189-0005.html
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
94.2%