Vulnerability Description
VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user into executing JavaScript that performs unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| VMware | Fusion | >= 11.0.0, < 11.0.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.h (Third Party Advisory, VDB Entry)
- http://www.securityfocus.com/bid/107637 (Third Party Advisory, VDB Entry)
- https://www.vmware.com/security/advisories/VMSA-2019-0005.html (Vendor Advisory)
FAQ
What is CVE-2019-5514?
CVE-2019-5514 is a vulnerability with a CVSS score of 8.8 (HIGH). VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host...
How severe is CVE-2019-5514?
CVE-2019-5514 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-5514?
Check the references section above for vendor advisories and patch information. Affected products include: VMware Fusion.