CVE-2019-5514

CWE-306Missing Authentication4 documents4 sources
Severity
8.8HIGH
EPSS
1.1%
top 21.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware FusionVmware Vmware Fusion
Timeline
PublishedApr 1
Latest updateMay 13

Description

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDvmware/fusion11.0.011.0.3
CVEListV5vmware/vmware_fusion11.x before 11.0.3

🔴Vulnerability Details

2
GHSA
GHSA-6vc3-crc6-4w78: VMware VMware Fusion (112022-05-13
CVEList
CVE-2019-5514: VMware VMware Fusion (112019-04-01

📋Vendor Advisories

1
VMware
VMware ESXi, Workstation and Fusion updates address multiple security issues.2019-03-28