CVE-2019-5540Missing Release of Memory after Effective Lifetime in Vmware Fusion

CWE-401Missing Release of Memory after Effective Lifetime5 documents5 sources
Severity
7.7HIGHNVD
EPSS
0.2%
top 55.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Vmware FusionVmware WorkstationVmware Workstation AND Fusion
Timeline
PublishedNov 20
Latest updateMay 24

Description

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NExploitability: 3.1 | Impact: 4.0

Affected Packages3 packages

CVEListV5vmware/workstation_and_fusionWorkstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1)
NVDvmware/fusion11.0.011.5.1
NVDvmware/workstation15.0.015.5.1

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-3qmj-8cpx-9xxp: VMware Workstation (152022-05-24
CVEList
CVE-2019-5540: VMware Workstation (152019-11-20

💥Exploits & PoCs

1
Exploit-DB
Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass2019-11-06

📋Vendor Advisories

1
VMware
VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2019-5540, CVE-2019-5541, CVE-2019-5542)2019-11-12
CVE-2019-5540 — Vmware Fusion vulnerability | cvebase