Lucene search

[email protected]NVD:CVE-2019-5518

HistoryApr 01, 2019 - 9:30 p.m.

CVE-2019-5518

2019-04-0121:30:43

CWE-125

CWE-787

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.1%

JSON

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

Affected configurations

NVD

Node

vmwarefusionRange10.0.0–10.1.6

vmwarefusionRange11.0.0–11.0.3

vmwareworkstationRange14.0.0–14.1.7

vmwareworkstationRange15.0.0–15.0.4

vmwareesxiMatch6.0-

vmwareesxiMatch6.0600-201811001

vmwareesxiMatch6.0600-201811401

vmwareesxiMatch6.5-

vmwareesxiMatch6.5650-201707101

vmwareesxiMatch6.5650-201707102

vmwareesxiMatch6.5650-201707103

vmwareesxiMatch6.5650-201707201

vmwareesxiMatch6.5650-201707202

vmwareesxiMatch6.5650-201707203

vmwareesxiMatch6.5650-201707204

vmwareesxiMatch6.5650-201707205

vmwareesxiMatch6.5650-201707206

vmwareesxiMatch6.5650-201707207

vmwareesxiMatch6.5650-201707208

vmwareesxiMatch6.5650-201707209

vmwareesxiMatch6.5650-201707210

vmwareesxiMatch6.5650-201707211

vmwareesxiMatch6.5650-201707212

vmwareesxiMatch6.5650-201707213

vmwareesxiMatch6.5650-201707214

vmwareesxiMatch6.5650-201707215

vmwareesxiMatch6.5650-201707216

vmwareesxiMatch6.5650-201707217

vmwareesxiMatch6.5650-201707218

vmwareesxiMatch6.5650-201707219

vmwareesxiMatch6.5650-201707220

vmwareesxiMatch6.5650-201707221

vmwareesxiMatch6.5650-201811001

vmwareesxiMatch6.5650-201811301

vmwareesxiMatch6.7-

vmwareesxiMatch6.7670-201810101

vmwareesxiMatch6.7670-201810102

vmwareesxiMatch6.7670-201810103

vmwareesxiMatch6.7670-201810201

vmwareesxiMatch6.7670-201810202

vmwareesxiMatch6.7670-201810203

vmwareesxiMatch6.7670-201810204

vmwareesxiMatch6.7670-201810205

vmwareesxiMatch6.7670-201810206

vmwareesxiMatch6.7670-201810207

vmwareesxiMatch6.7670-201810208

vmwareesxiMatch6.7670-201810209

vmwareesxiMatch6.7670-201810210

vmwareesxiMatch6.7670-201810211

vmwareesxiMatch6.7670-201810212

vmwareesxiMatch6.7670-201810213

vmwareesxiMatch6.7670-201810214

vmwareesxiMatch6.7670-201810215

vmwareesxiMatch6.7670-201810216

vmwareesxiMatch6.7670-201810217

vmwareesxiMatch6.7670-201810218

vmwareesxiMatch6.7670-201810219

vmwareesxiMatch6.7670-201810220

vmwareesxiMatch6.7670-201810221

vmwareesxiMatch6.7670-201810222

vmwareesxiMatch6.7670-201810223

vmwareesxiMatch6.7670-201810224

vmwareesxiMatch6.7670-201810225

vmwareesxiMatch6.7670-201810226

vmwareesxiMatch6.7670-201810227

vmwareesxiMatch6.7670-201810228

vmwareesxiMatch6.7670-201810229

vmwareesxiMatch6.7670-201810230

vmwareesxiMatch6.7670-201810231

vmwareesxiMatch6.7670-201810232

vmwareesxiMatch6.7670-201810233

vmwareesxiMatch6.7670-201810234

vmwareesxiMatch6.7670-201901401

vmwareesxiMatch6.7670-201901402

vmwareesxiMatch6.7670-201901403

References

packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html

www.securityfocus.com/bid/107541

www.vmware.com/security/advisories/VMSA-2019-0005.html

www.zerodayinitiative.com/advisories/ZDI-19-421/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.8 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

82.1%

JSON

Related for NVD:CVE-2019-5518

cve1 cvelist1 zdi1 prion1 nessus4 vmware2 kaspersky1 ibm1