8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.085 Low
EPSS
Percentile
94.4%
a. VMware ESXi, Workstation and Fusion UHCI out-of-bounds read/write and TOCTOU vulnerabilities
VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host.
In ESXi, Workstation and Fusion, when a virtual USB 2.0 controller is added to a VM, a virtual USB 1.1 controller is also added by default. In Workstation and Fusion, when a virtual USB 3.0 controller is added to a VM, a virtual USB 1.1 controller is also added by default.
VMware would like to thank the Fluoroacetate team of Amat Cama and Richard Zhu, working with the Pwn2Own 2019 Security Contest, for reporting these issues to us.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifiers CVE-2019-5518 (out-of-bounds read/write) and CVE-2019-5519 (TOCTOU) to these issues.
Column 5 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
CPE | Name | Operator | Version |
---|---|---|---|
esxi | lt | ESXi670-201903001 | |
esxi | lt | ESXi650-201903001 | |
esxi | lt | ESXi600-201903001 | |
workstation | lt | 15.0.4 | |
workstation | lt | 14.1.7 | |
fusion | lt | 11.0.3 | |
fusion | lt | 10.1.6 | |
workstation | lt | 14.1.6 | |
workstation | lt | 15.0.3 | |
esxi | lt | 13004448 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
9 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.085 Low
EPSS
Percentile
94.4%