CVE-2019-5511 — Vmware Workstation vulnerability

4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 87.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Workstation Vmware Workstation

Timeline

PublishedApr 9

Latest updateMay 13

Description

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle paths appropriately. Successful exploitation of this issue may allow the path to the VMX executable, on a Windows host, to be hijacked by a non-administrator leading to elevation of privilege.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages2 packages

▶NVDvmware/workstation14.0.0 — 14.1.6+1

▶CVEListV5vmware/vmware_workstationVMware Workstation 15.x prior to 15.0.3, 14.x before 14.1.6

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-8g5g-pp3h-rchw: VMware Workstation (15↗2022-05-13

▶

CVEList

CVE-2019-5511: VMware Workstation (15↗2019-04-09

▶

📋Vendor Advisories

VMware

VMware Horizon update addresses Connection Server information disclosure vulnerability↗2019-03-14

▶