CVE-2019-5536: Improper Input Validation in VMware Fusion

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.7% (top 28.78%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 28; latest update May 24

Description

VMware ESXi (6.7 before ESXi670-201908101-SG and 6.5 before ESXi650-201910401-SG), Workstation (15.x before 15.5.0) and Fusion (11.x before 11.5.0) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with normal user privileges to create a denial-of-service condition on their own VM. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD | vmware/fusion | 11.0.0 | 11.5.0
NVD | vmware/workstation | 15.0.0 | 15.5.0
NVD | vmware/esxi | 6.5, 6.7 (+1)

🔴 Vulnerability Details (2)

GHSA | GHSA-c3gx-v2m9-m8vc: VMware ESXi (6... | 2022-05-24
CVEList | CVE-2019-5536: VMware ESXi (6... | 2019-10-28

📋 Vendor Advisories (1)

VMware | VMware ESXi, Workstation and Fusion updates address a denial-of-service vulnerability (CVE-2019-5536) | 2019-10-24

🕵️ Threat Intelligence (2)

Talos | Vulnerability Spotlight: Denial-of-service in VMWare Fusion 11 | 2019-10-28
Talos | Vulnerability Spotlight: Denial-of-service in VMWare Fusion 11 | 2019-10-28