CVE-2019-5519 — Time-of-check Time-of-use (TOCTOU) Race Condition in Vmware Fusion

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

0.1%

top 80.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Esxi

Timeline

PublishedApr 1

Latest updateMay 13

Description

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code …

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages3 packages

▶NVDvmware/fusion10.0.0 — 10.1.6+1

▶NVDvmware/workstation14.0.0 — 14.1.7+1

▶NVDvmware/esxi6.0, 6.5, 6.7+2

🔴Vulnerability Details

GHSA

GHSA-93m3-v38w-pv5q: VMware ESXi (6↗2022-05-13

▶

CVEList

CVE-2019-5519: VMware ESXi (6↗2019-04-01

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation and Fusion updates address multiple security issues.↗2019-03-28

▶

💬Community

Bugzilla

CVE-2019-1010310 glpi: Frame and Form tags Injection in Tools > Reminder > Description section↗2019-08-02

▶