Main Vulnerability Database Vulnerabilities #VU21242

Input validation error in VMware Workstation and VMware Fusion - CVE-2019-5535

Published: September 21, 2019

Vulnerability identifier: #VU21242

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5535

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: VMware, Inc

Affected software:
VMware Workstation
VMware Fusion

Detailed vulnerability description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of IPV6 network traffic. A local user on guest OS can send specially crafted IPV6 packets and disallow network connectivity for all guest machines using VMware NAT mode.

Successful exploitation of this vulnerability requires that VMNAT is enabled.

How to mitigate CVE-2019-5535

Install updates from vendor's website.

Sources

http://www.vmware.com/security/advisories/VMSA-2019-0014.html

Input validation error in VMware Workstation and VMware Fusion - CVE-2019-5535

Detailed vulnerability description

How to mitigate CVE-2019-5535

Sources

Please verify you're human