Multiple vulnerabilities in VMware Workstation and Fusion

Published: 2019-11-13 | Updated: 2019-11-13
Severity High
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2019-5540
CVE-2019-5541
CVE-2019-5542
CWE ID CWE-200
CWE-787
CWE-20
Exploitation vector Network
Public exploit N/A
Vulnerable software VMware Workstation Subscribe
VMware Fusion
Vendor VMware, Inc

Security Advisory

1) Information disclosure

Severity: Medium

CVSSv3: 6.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-5540

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to information disclosure issue in vmnetdhcp. A remote authenticated attacker can leak memory from the host process and gain unauthorized access to sensitive information on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Workstation: 15.0.0, 15.0.1, 15.0.2, 15.0.3, 15.0.4, 15.1.0, 15.5.0

VMware Fusion: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.1.0, 11.1.1, 11.5.0

CPE External links

http://www.vmware.com/security/advisories/VMSA-2019-0021.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds write

Severity: High

CVSSv3: 7.9 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-5541

CWE-ID: CWE-787 - Out-of-bounds Write

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input via the e1000e virtual network adapter. A remote administrator can trigger out-of-bounds write and execute arbitrary code on the target system, or create a denial-of-service (DoS) condition on their own VM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Workstation: 15.0.0, 15.0.1, 15.0.2, 15.0.3, 15.0.4, 15.1.0, 15.5.0

VMware Fusion: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.1.0, 11.1.1, 11.5.0

CPE External links

http://www.vmware.com/security/advisories/VMSA-2019-0021.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

Severity: Medium

CVSSv3: 6.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-5542

CWE-ID: CWE-20 - Improper Input Validation

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the RPC handler. A remote authenticated attacker can cause a denial-of-service condition on their own VM.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

VMware Workstation: 15.0.0, 15.0.1, 15.0.2, 15.0.3, 15.0.4, 15.1.0, 15.5.0

VMware Fusion: 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.1.0, 11.1.1, 11.5.0

CPE External links

http://www.vmware.com/security/advisories/VMSA-2019-0021.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to trick the victim to open a a specially crafted file.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.