Security Alert (A19-03-08): Multiple Vulnerabilities in VMware Products


 

Published on: 29 March 2019

  
  

Description:

VMware has published a security advisory to address out-of-bounds vulnerability, Time-of-check Time-of-use vulnerability and unauthenticated APIs security vulnerability in virtual USB 1.1 UHCI (Universal Host Controller Interface), virtual network adapters and VMware Tools.

 

Affected Systems:

  • VMware vSphere ESXi version 6.0, 6.5, 6.7
  • VMware Workstation version 14.x and 15.x
  • VMware Fusion version 10.x and 11.x

 

Impact:

Successful exploitation of the vulnerabilities could allow a guest to execute code on the host or a host user to perform unauthorised functions on the guest virtual machine.

 

Recommendation:

The product vendor has released new versions to address the issues at the following website:

  • VMware ESXi 6.0, 6.5, 6.7
    https://my.vmware.com/group/vmware/patch

  • VMware Workstation Pro 14.1.6, 14.1.7, 15.0.3, 15.0.4
    https://www.vmware.com/go/downloadworkstation

  • VMware Workstation Player 14.1.6, 14.1.7, 15.0.3, 15.0.4
    https://www.vmware.com/go/downloadplayer

  • VMware Fusion Pro / Fusion 10.1.6, 11.0.3
    https://www.vmware.com/go/downloadfusion

System administrators may contact their product support vendors for the fixes and assistance.

 

More Information:

https://www.vmware.com/security/advisories/VMSA-2019-0005.html
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5514
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5515
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5518
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5519
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5524

 



Tag: ESXi , VMware , VMware Fusion , VMware Workstation , vSphere
Tags