Main Vulnerability Database Vulnerabilities #VU22411

#VU22411 Command Injection in VMware Fusion - CVE-2019-5514

Published: October 30, 2019

Vulnerability identifier: #VU22411

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2019-5514

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
VMware Fusion

Software vendor:
VMware, Inc

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to certain unauthenticated APIs accessible through a web socket. A remote attacker can trick the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed and execute arbitrary commands on the target system.

Remediation

Install updates from vendor's website.

External links

https://www.vmware.com/security/advisories/VMSA-2019-0005.html

#VU22411 Command Injection in VMware Fusion - CVE-2019-5514

Description

Remediation

External links

Please verify you're human