CVE-2019-5543

CWE-732Incorrect Permission Assignment5 documents5 sources
Severity
7.8HIGH
EPSS
0.1%
top 70.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Vmware Horizon ClientVmware Remote ConsoleVmware Workstation+3 more
Timeline
PublishedMar 16
Latest updateMay 24

Description

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5vmware/vmware_horizon_client_for_windows5.x and prior before 5.3.0
CVEListV5vmware/vmware_remote_console_for_windows10.x before 11.0.0
CVEListV5vmware/vmware_workstation_for_windows15.x before 15.5.2
NVDvmware/horizon_client5.0.05.3.0
NVDvmware/remote_console10.0.011.0.0

🔴Vulnerability Details

2
GHSA
GHSA-r5j5-qr4j-4j6w: For VMware Horizon Client for Windows (52022-05-24
CVEList
CVE-2019-5543: For VMware Horizon Client for Windows (52020-03-16

💥Exploits & PoCs

1
Exploit-DB
SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery2019-12-02

📋Vendor Advisories

1
VMware
VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2019-5543, CVE-2020-3947, CVE-2020-3948)2020-03-12
CVE-2019-5543 (HIGH CVSS 7.8) | For VMware Horizon Client for Windo | cvebase.io