National Vulnerability Database

CVE-2019-5520 Detail

Current Description

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201903001), Workstation (15.x before 15.0.3 and 14.x before 14.1.6), Fusion (11.x before 11.0.3 and 10.x before 10.1.6) updates address an out-of-bounds read vulnerability. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. Successful exploitation of this issue may lead to information disclosure. The workaround for this issue involves disabling the 3D-acceleration feature. This feature is not enabled by default on ESXi and is enabled by default on Workstation and Fusion.

Source:  MITRE
Description Last Modified:  04/15/2019

Impact

CVSS v3.0 Severity and Metrics:

Base Score: 5.9 MEDIUM
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Impact Score: 3.6
Exploitability Score: 2.2


Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

CVSS v2.0 Severity and Metrics:

Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Impact Subscore: 2.9
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
Additional Information:
Allows unauthorized disclosure of information

References to Advisories, Solutions, and Tools

Hyperlink (Resource)
https://www.vmware.com/security/advisories/VMSA-2019-0006.html (Patch, Vendor Advisory)
https://www.zerodayinitiative.com/advisories/ZDI-19-369/

Technical Details

Vulnerability Type

Known Affected Software Configurations

Configuration 1
cpe:/a:vmware:fusion, from (including) 10.0.0, up to (excluding) 10.1.6
cpe:/a:vmware:fusion, from (including) 11.0.0, up to (excluding) 11.0.3
cpe:/a:vmware:workstation, from (including) 14.0.0, up to (excluding) 14.1.6
cpe:/a:vmware:workstation, from (including) 15.0.0, up to (excluding) 15.0.3
cpe:/o:vmware:esxi:6.5:-
cpe:/o:vmware:esxi:6.5:650-201701001
cpe:/o:vmware:esxi:6.5:650-201703001
cpe:/o:vmware:esxi:6.5:650-201703002
cpe:/o:vmware:esxi:6.5:650-201704001
cpe:/o:vmware:esxi:6.5:650-201707101
cpe:/o:vmware:esxi:6.5:650-201707102
cpe:/o:vmware:esxi:6.5:650-201707103
cpe:/o:vmware:esxi:6.5:650-201707201
cpe:/o:vmware:esxi:6.5:650-201707202
cpe:/o:vmware:esxi:6.5:650-201707203
cpe:/o:vmware:esxi:6.5:650-201707204
cpe:/o:vmware:esxi:6.5:650-201707205
cpe:/o:vmware:esxi:6.5:650-201707206
cpe:/o:vmware:esxi:6.5:650-201707207
cpe:/o:vmware:esxi:6.5:650-201707208
cpe:/o:vmware:esxi:6.5:650-201707209
cpe:/o:vmware:esxi:6.5:650-201707210
cpe:/o:vmware:esxi:6.5:650-201707211
cpe:/o:vmware:esxi:6.5:650-201707212
cpe:/o:vmware:esxi:6.5:650-201707213
cpe:/o:vmware:esxi:6.5:650-201707214
cpe:/o:vmware:esxi:6.5:650-201707215
cpe:/o:vmware:esxi:6.5:650-201707216
cpe:/o:vmware:esxi:6.5:650-201707217
cpe:/o:vmware:esxi:6.5:650-201707218
cpe:/o:vmware:esxi:6.5:650-201707219
cpe:/o:vmware:esxi:6.5:650-201707220
cpe:/o:vmware:esxi:6.5:650-201707221
cpe:/o:vmware:esxi:6.5:650-201710001
cpe:/o:vmware:esxi:6.5:650-201712001
cpe:/o:vmware:esxi:6.5:650-201803001
cpe:/o:vmware:esxi:6.5:650-201806001
cpe:/o:vmware:esxi:6.5:650-201808001
cpe:/o:vmware:esxi:6.5:650-201810001
cpe:/o:vmware:esxi:6.5:650-201810002
cpe:/o:vmware:esxi:6.5:650-201811001
cpe:/o:vmware:esxi:6.5:650-201811002
cpe:/o:vmware:esxi:6.5:650-201811301
cpe:/o:vmware:esxi:6.5:650-201901001
cpe:/o:vmware:esxi:6.7:-
cpe:/o:vmware:esxi:6.7:670-201806001
cpe:/o:vmware:esxi:6.7:670-201807001
cpe:/o:vmware:esxi:6.7:670-201808001
cpe:/o:vmware:esxi:6.7:670-201810001
cpe:/o:vmware:esxi:6.7:670-201810101
cpe:/o:vmware:esxi:6.7:670-201810102
cpe:/o:vmware:esxi:6.7:670-201810103
cpe:/o:vmware:esxi:6.7:670-201810201
cpe:/o:vmware:esxi:6.7:670-201810202
cpe:/o:vmware:esxi:6.7:670-201810203
cpe:/o:vmware:esxi:6.7:670-201810204
cpe:/o:vmware:esxi:6.7:670-201810205
cpe:/o:vmware:esxi:6.7:670-201810206
cpe:/o:vmware:esxi:6.7:670-201810207
cpe:/o:vmware:esxi:6.7:670-201810208
cpe:/o:vmware:esxi:6.7:670-201810209
cpe:/o:vmware:esxi:6.7:670-201810210
cpe:/o:vmware:esxi:6.7:670-201810211
cpe:/o:vmware:esxi:6.7:670-201810212
cpe:/o:vmware:esxi:6.7:670-201810213
cpe:/o:vmware:esxi:6.7:670-201810214
cpe:/o:vmware:esxi:6.7:670-201810215
cpe:/o:vmware:esxi:6.7:670-201810216
cpe:/o:vmware:esxi:6.7:670-201810217
cpe:/o:vmware:esxi:6.7:670-201810218
cpe:/o:vmware:esxi:6.7:670-201810219
cpe:/o:vmware:esxi:6.7:670-201810220
cpe:/o:vmware:esxi:6.7:670-201810221
cpe:/o:vmware:esxi:6.7:670-201810222
cpe:/o:vmware:esxi:6.7:670-201810223
cpe:/o:vmware:esxi:6.7:670-201810224
cpe:/o:vmware:esxi:6.7:670-201810225
cpe:/o:vmware:esxi:6.7:670-201810226
cpe:/o:vmware:esxi:6.7:670-201810227
cpe:/o:vmware:esxi:6.7:670-201810228
cpe:/o:vmware:esxi:6.7:670-201810229
cpe:/o:vmware:esxi:6.7:670-201810230
cpe:/o:vmware:esxi:6.7:670-201810231
cpe:/o:vmware:esxi:6.7:670-201810232
cpe:/o:vmware:esxi:6.7:670-201810233
cpe:/o:vmware:esxi:6.7:670-201810234
cpe:/o:vmware:esxi:6.7:670-201811001
cpe:/o:vmware:esxi:6.7:670-201901001
cpe:/o:vmware:esxi:6.7:670-201901401
cpe:/o:vmware:esxi:6.7:670-201901402
cpe:/o:vmware:esxi:6.7:670-201901403
cpe:/o:vmware:esxi:6.7:670-201904201
cpe:/o:vmware:esxi:6.7:670-201904202
cpe:/o:vmware:esxi:6.7:670-201904203
cpe:/o:vmware:esxi:6.7:670-201904204
cpe:/o:vmware:esxi:6.7:670-201904205
cpe:/o:vmware:esxi:6.7:670-201904206
cpe:/o:vmware:esxi:6.7:670-201904207
cpe:/o:vmware:esxi:6.7:670-201904208
cpe:/o:vmware:esxi:6.7:670-201904209
cpe:/o:vmware:esxi:6.7:670-201904210

Showing 100 of 120 CPEs.

Change History

2 change records found

Quick Info

CVE Dictionary Entry: CVE-2019-5520
NVD Published Date: 04/15/2019
NVD Last Modified: 04/17/2019