Multiple vulnerabilities in VMware products



Published: 2019-08-02 | Updated: 2019-10-30
Risk: High
Patch available: YES
Number of vulnerabilities: 10
CVE-ID: CVE-2019-5521, CVE-2019-5684, CVE-2019-5512, CVE-2019-5511, CVE-2019-5515, CVE-2019-5520, CVE-2019-5517, CVE-2019-5516, CVE-2019-5524, CVE-2019-5514
CWE-ID: CWE-125, CWE-264, CWE-787, CWE-77
Exploitation vector: Network
Public exploit: N/A
Vulnerable software:
VMware Fusion
Client/Desktop applications / Virtualization software

VMware Workstation
Client/Desktop applications / Virtualization software

VMware ESXi
Operating systems & Components / Operating system

Vendor: VMware, Inc

Security Bulletin

This security bulletin contains information about 10 vulnerabilities.

Updated 30.10.2019
Added vulnerabilities #3-10, changed severity.

1) Out-of-bounds read

EUVDB-ID: #VU19920

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5521

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the pixel shader functionality. A remote unprivileged user with access to a guest operating system can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Fusion: 10.1.0 - 11.0.2

VMware Workstation: 14.1.1 - 15.0.2

VMware ESXi: 6.0 - 6.7

External links

http://www.vmware.com/security/advisories/VMSA-2019-0012.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

EUVDB-ID: #VU19921

Risk: Medium

CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5684

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A remote unprivileged user with access to a guest operating system can trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability can be exploited only if the host has an affected NVIDIA graphics driver.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Fusion: 10.1.0 - 11.0.2

VMware Workstation: 14.1.1 - 15.0.2

VMware ESXi: 6.0 - 6.7

External links

http://www.vmware.com/security/advisories/VMSA-2019-0012.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22414

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5512

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the affected software, when running on Windows, does not handle COM classes appropriately. A local authenticated user can hijack the COM classes used by the VMX process on a Windows host and elevate privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Workstation: 14.0 - 15.0.2

External links

http://www.vmware.com/security/advisories/VMSA-2019-0002.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU22413

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5511

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the affected software, when running on Windows, does not handle paths appropriately. A local authenticated user can hijack the path to the VMX executable on a Windows host and elevate privileges on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Workstation: 14.0 - 15.0.2

External links

http://www.vmware.com/security/advisories/VMSA-2019-0002.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds write

EUVDB-ID: #VU22412

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5515

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the e1000 and e1000e virtual network adapters. A remote authenticated attacker can trigger an out-of-bounds write and execute arbitrary code on the host, but it is more likely to result in a denial of service of the guest.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Fusion: 10.0 - 11.0.2

VMware Workstation: 14.0 - 15.0.2

External links

http://www.vmware.com/security/advisories/VMSA-2019-0005.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU22410

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5520

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the affected system. A remote attacker with access to a virtual machine with 3D graphics enabled can trigger an out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Fusion: 10.0 - 11.0.2

VMware Workstation: 14.0 - 15.0.2

VMware ESXi: 6.5 - 6.7

External links

http://www.vmware.com/security/advisories/VMSA-2019-0006.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU22328

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5517

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the shader translator. A remote authenticated attacker with access to a virtual machine with 3D graphics enabled can trigger an out-of-bounds read error and read contents of memory on the system or cause a denial of service (DoS) condition on their own VM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware ESXi: 6.5 - 6.7

VMware Workstation: 15.0.2

VMware Fusion: 10.0 - 11.0.2

External links

http://www.vmware.com/security/advisories/VMSA-2019-0006.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

EUVDB-ID: #VU22327

Risk: Medium

CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5516

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the vertex shader functionality. A remote authenticated attacker with access to a virtual machine with 3D graphics enabled can trigger an out-of-bounds read error and read contents of memory on the system or cause a denial of service (DoS) condition on their own VM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware ESXi: 6.5 - 6.7

VMware Workstation: 14.0 - 15.0.2

VMware Fusion: 10.0 - 11.0.2

External links

http://www.vmware.com/security/advisories/VMSA-2019-0006.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Out-of-bounds write

EUVDB-ID: #VU22415

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5524

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in the e1000 virtual network adapter. A remote authenticated attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Fusion: 10.0 - 10.1.5

VMware Workstation: 14.0 - 14.1.5

External links

http://www.vmware.com/security/advisories/VMSA-2019-0005.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Command Injection

EUVDB-ID: #VU22411

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5514

CWE-ID: CWE-77 - Command injection

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to certain unauthenticated APIs being accessible through a web socket. A remote attacker can trick the host user into executing JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed and execute arbitrary commands on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Fusion: 11.0.0 - 11.0.2

External links

http://www.vmware.com/security/advisories/VMSA-2019-0005.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to trick the victim into opening a specially crafted file.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


