CVE-2019-5535 — Improper Input Validation in Vmware Fusion

CWE-20 — Improper Input Validation4 documents4 sources

Severity

4.7MEDIUMNVD

EPSS

0.1%

top 77.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation Vmware Workstation AND Fusion

Timeline

PublishedOct 10

Latest updateMay 24

Description

VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.7.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5vmware/vmware_workstation_and_fusionVMware Workstation 15.x and Fusion 11.x

▶NVDvmware/fusion11.0.0 — 11.5.0

▶NVDvmware/workstation15.0.0 — 15.5.0

🔴Vulnerability Details

GHSA

GHSA-wpc3-hcvp-r9g8: VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets↗2022-05-24

▶

CVEList

CVE-2019-5535: VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets↗2019-10-10

▶

📋Vendor Advisories

VMware

VMware ESXi, Workstation, Fusion, VMRC and Horizon Client updates address use-after-free and denial of service vulnerabilities. (CVE-2019-5527, CVE-2019-5535)↗2019-09-19

▶