CVE-2019-5515
VMware Workstation e1000 Memory Corruption Privilege Escalation Vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.
The specific flaw exists within the e1000 driver. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor.
Timeline
- 2019-01-07 CVE Reserved
- 2019-03-29 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
References (5)
URL | Tag | Source |
---|---|---|
https://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html | Third Party Advisory | |
https://www.securityfocus.com/bid/107634 | Third Party Advisory | |
https://www.zerodayinitiative.com/advisories/ZDI-19-306 | Third Party Advisory | |
https://www.zerodayinitiative.com/advisories/ZDI-19-516 | X_refsource_misc | |
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2019-0005.html | 2019-05-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
VMware | Fusion | >= 10.0.0 < 10.1.6 | - | Affected |
VMware | Fusion | >= 11.0.0 < 11.0.3 | - | Affected |
VMware | Workstation | >= 14.0.0 < 14.1.6 | - | Affected |
VMware | Workstation | >= 15.0.0 < 15.0.3 | - | Affected |