National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2019-5518 Detail

Current Description

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain an out-of-bounds read/write vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

Source:  MITRE
View Analysis Description

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: 6.8 MEDIUM
Vector:  CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/107541
https://www.vmware.com/security/advisories/VMSA-2019-0005.html Vendor Advisory
https://www.zerodayinitiative.com/advisories/ZDI-19-421/

Weakness Enumeration

CWE-ID CWE Name Source
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer NIST  

Known Affected Software Configurations Switch to CPE 2.3

Configuration 1 ( hide )
 cpe:/a:vmware:fusion
     Show Matching CPE(s)
From (including)
10.0.0
Up to (excluding)
10.1.6
 cpe:/a:vmware:fusion
     Show Matching CPE(s)
From (including)
11.0.0
Up to (excluding)
11.0.3
 cpe:/a:vmware:workstation
     Show Matching CPE(s)
From (including)
14.0.0
Up to (excluding)
14.1.7
 cpe:/a:vmware:workstation
     Show Matching CPE(s)
From (including)
15.0.0
Up to (excluding)
15.0.4
 cpe:/o:vmware:esxi:6.0:-
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.0:600-201811001
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.0:600-201811401
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:-
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707101
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707102
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707103
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707201
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707202
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707203
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707204
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707205
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707206
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707207
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707208
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707209
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707210
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707211
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707212
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707213
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707214
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707215
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707216
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707217
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707218
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707219
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707220
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201707221
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201811001
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.5:650-201811301
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:-
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810101
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810102
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810103
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810201
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810202
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810203
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810204
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810205
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810206
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810207
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810208
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810209
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810210
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810211
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810212
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810213
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810214
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810215
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810216
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810217
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810218
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810219
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810220
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810221
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810222
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810223
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810224
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810225
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810226
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810227
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810228
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810229
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810230
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810231
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810232
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810233
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201810234
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201901401
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201901402
     Show Matching CPE(s)
 cpe:/o:vmware:esxi:6.7:670-201901403
     Show Matching CPE(s)


Change History

3 change records found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2019-5518
NVD Published Date:
04/01/2019
NVD Last Modified:
05/10/2019