CVE-2019-5519

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.
TOCTOU
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 67%
VendorProductVersion
vmwarefusion
10.0.0 ≤
𝑥
< 10.1.6
vmwarefusion
11.0.0 ≤
𝑥
< 11.0.3
vmwareworkstation
14.0.0 ≤
𝑥
< 14.1.7
vmwareworkstation
15.0.0 ≤
𝑥
< 15.0.4
vmwareesxi
6.0
vmwareesxi
6.0:600-201811001
vmwareesxi
6.0:600-201811401
vmwareesxi
6.5
vmwareesxi
6.5:650-201707101
vmwareesxi
6.5:650-201707102
vmwareesxi
6.5:650-201707103
vmwareesxi
6.5:650-201707201
vmwareesxi
6.5:650-201707202
vmwareesxi
6.5:650-201707203
vmwareesxi
6.5:650-201707204
vmwareesxi
6.5:650-201707205
vmwareesxi
6.5:650-201707206
vmwareesxi
6.5:650-201707207
vmwareesxi
6.5:650-201707208
vmwareesxi
6.5:650-201707209
vmwareesxi
6.5:650-201707210
vmwareesxi
6.5:650-201707211
vmwareesxi
6.5:650-201707212
vmwareesxi
6.5:650-201707213
vmwareesxi
6.5:650-201707214
vmwareesxi
6.5:650-201707215
vmwareesxi
6.5:650-201707216
vmwareesxi
6.5:650-201707217
vmwareesxi
6.5:650-201707218
vmwareesxi
6.5:650-201707219
vmwareesxi
6.5:650-201707220
vmwareesxi
6.5:650-201707221
vmwareesxi
6.5:650-201811001
vmwareesxi
6.5:650-201811301
vmwareesxi
6.7
vmwareesxi
6.7:670-201810101
vmwareesxi
6.7:670-201810102
vmwareesxi
6.7:670-201810103
vmwareesxi
6.7:670-201810201
vmwareesxi
6.7:670-201810202
vmwareesxi
6.7:670-201810203
vmwareesxi
6.7:670-201810204
vmwareesxi
6.7:670-201810205
vmwareesxi
6.7:670-201810206
vmwareesxi
6.7:670-201810207
vmwareesxi
6.7:670-201810208
vmwareesxi
6.7:670-201810209
vmwareesxi
6.7:670-201810210
vmwareesxi
6.7:670-201810211
vmwareesxi
6.7:670-201810212
vmwareesxi
6.7:670-201810213
vmwareesxi
6.7:670-201810214
vmwareesxi
6.7:670-201810215
vmwareesxi
6.7:670-201810216
vmwareesxi
6.7:670-201810217
vmwareesxi
6.7:670-201810218
vmwareesxi
6.7:670-201810219
vmwareesxi
6.7:670-201810220
vmwareesxi
6.7:670-201810221
vmwareesxi
6.7:670-201810222
vmwareesxi
6.7:670-201810223
vmwareesxi
6.7:670-201810224
vmwareesxi
6.7:670-201810225
vmwareesxi
6.7:670-201810226
vmwareesxi
6.7:670-201810227
vmwareesxi
6.7:670-201810228
vmwareesxi
6.7:670-201810229
vmwareesxi
6.7:670-201810230
vmwareesxi
6.7:670-201810231
vmwareesxi
6.7:670-201810232
vmwareesxi
6.7:670-201810233
vmwareesxi
6.7:670-201810234
vmwareesxi
6.7:670-201901401
vmwareesxi
6.7:670-201901402
vmwareesxi
6.7:670-201901403
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html
http://www.securityfocus.com/bid/107535
http://www.securityfocus.com/bid/108443
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
https://www.zerodayinitiative.com/advisories/ZDI-19-420/
http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html
http://www.securityfocus.com/bid/107535
http://www.securityfocus.com/bid/108443
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
https://www.zerodayinitiative.com/advisories/ZDI-19-420/