CVE-2019-5531
Severity Score
5.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
VMware vSphere ESXi (6.7 prior to ESXi670-201810101-SG, 6.5 prior to ESXi650-201811102-SG, and 6.0 prior to ESXi600-201807103-SG) and VMware vCenter Server (6.7 prior to 6.7 U1b, 6.5 prior to 6.5 U2b, and 6.0 prior to 6.0 U3j) contain an information disclosure vulnerability in clients arising from insufficient session expiration. An attacker with physical access or an ability to mimic a websocket connection to a user’s browser may be able to obtain control of a VM Console after the user has logged out or their session has timed out.
VMware vSphere ESXi (6.7 anterior a la versión ESXi670-201810101-SG, 6.5 anterior a la versión ESXi650-201811102-SG y 6.0 anterior a la verisón ESXi600-201807103-SG) y VMware vCenter Server (6.7 anterior a 6.7 U1b, 6.5 anterior de 6.5 U2b, y 6.0 anterior a 6.0 U3j) contiene una vulnerabilidad de divulgación de información en clientes que surge de una caducidad de sesión insuficiente. Un atacante con acceso físico o la capacidad de imitar una conexión websocket al navegador de un usuario puede obtener el control de una consola VM después de que el usuario haya cerrado sesión o su sesión haya caducado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-07 CVE Reserved
- 2019-09-18 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-613: Insufficient Session Expiration
CAPEC
References (1)
| URL | Tag | Source |
|---|---|---|
| http://www.vmware.com/security/advisories/VMSA-2019-0013.html | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 6.7 Search vendor "Vmware" for product "Esxi" and version "6.7" | 670-201811001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.7 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.7 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7" | update_1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | u2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201810002 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201811001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201811002 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201901001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201903001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201905001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | update_1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | 600-201810001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | 600-201811001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | 600-201903001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | 600-201905001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | beta |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | u1a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | u1b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | u3a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | update_2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.0 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.0" | update_3 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | u1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | u1b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | u3 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update2a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update2m |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3c |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3d |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3e |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3f |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3g |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3h |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.0 Search vendor "Vmware" for product "Vcenter Server" and version "6.0" | update3i |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | c |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | d |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update1b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update2a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.7 Search vendor "Vmware" for product "Vcenter Server" and version "6.7" | update2c |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | a |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | c |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | d |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1c |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1d |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1e |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update1g |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2b |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2c |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2d |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vcenter Server Search vendor "Vmware" for product "Vcenter Server" | 6.5 Search vendor "Vmware" for product "Vcenter Server" and version "6.5" | update2g |
Affected
| ||||||