Code injection

2019-04-0121:30:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

79.8%

JSON

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

CPENameOperatorVersion
esxieq6.0
esxieq6.0
esxieq6.0
esxieq6.5
esxieq6.5
esxieq6.5
esxieq6.5
esxieq6.5
esxieq6.5
esxieq6.5

Name	Operator	Version
esxi	eq	6.0
esxi	eq	6.0
esxi	eq	6.0
esxi	eq	6.5
esxi	eq	6.5
esxi	eq	6.5
esxi	eq	6.5
esxi	eq	6.5
esxi	eq	6.5
esxi	eq	6.5

Rows per page:

1-10 of 791

References

packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html

www.securityfocus.com/bid/107535

www.securityfocus.com/bid/108443

www.vmware.com/security/advisories/VMSA-2019-0005.html

www.zerodayinitiative.com/advisories/ZDI-19-420/