{"containers": {"cna": {"affected": [{"product": "VMware ESXi, Workstation, Fusion", "vendor": "VMware", "versions": [{"status": "affected", "version": "ESXi 6.7 before ESXi670-201903001"}, {"status": "affected", "version": "ESXi 6.5 before ESXi650-201903001"}, {"status": "affected", "version": "ESXi 6.0 before ESXi600-201903001"}, {"status": "affected", "version": "Workstation 15.x before 15.0.4"}, {"status": "affected", "version": "Workstation 14.x before 14.1.7"}, {"status": "affected", "version": "Fusion 11.x before 11.0.3"}, {"status": "affected", "version": "Fusion 10.x before 10.1.6"}]}], "datePublic": "2019-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host."}], "problemTypes": [{"descriptions": [{"description": "Time-of-check Time-of-use (TOCTOU) vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-24T11:06:04", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"name": "107535", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107535"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-420/"}, {"name": "108443", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108443"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2019-5519", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware ESXi, Workstation, Fusion", "version": {"version_data": [{"version_value": "ESXi 6.7 before ESXi670-201903001"}, {"version_value": "ESXi 6.5 before ESXi650-201903001"}, {"version_value": "ESXi 6.0 before ESXi600-201903001"}, {"version_value": "Workstation 15.x before 15.0.4"}, {"version_value": "Workstation 14.x before 14.1.7"}, {"version_value": "Fusion 11.x before 11.0.3"}, {"version_value": "Fusion 10.x before 10.1.6"}]}}]}, "vendor_name": "VMware"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Time-of-check Time-of-use (TOCTOU) vulnerability"}]}]}, "references": {"reference_data": [{"name": "107535", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107535"}, {"name": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"}, {"name": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html", "refsource": "CONFIRM", "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"}, {"name": "https://www.zerodayinitiative.com/advisories/ZDI-19-420/", "refsource": "MISC", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-420/"}, {"name": "108443", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108443"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:01:51.426Z"}, "title": "CVE Program Container", "references": [{"name": "107535", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107535"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-420/"}, {"name": "108443", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108443"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2019-5519", "datePublished": "2019-04-01T20:39:47", "dateReserved": "2019-01-07T00:00:00", "dateUpdated": "2024-08-04T20:01:51.426Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "1BEBF6D2-4832-46F0-A0B1-4B47FDCFD6BE", "versionEndExcluding": "10.1.6", "versionStartIncluding": "10.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "matchCriteriaId": "D1D88E61-CE5C-467A-A720-F4DCFC248134", "versionEndExcluding": "11.0.3", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "09B11AFA-BA40-40C7-9F8E-6CB1A7DAE369", "versionEndExcluding": "14.1.7", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "matchCriteriaId": "D0F08B22-5048-4A6C-9250-6A3593A4570F", "versionEndExcluding": "15.0.4", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*", "matchCriteriaId": "3E8861F4-D390-4738-BBF0-9EE4684E9667", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201811001:*:*:*:*:*:*", "matchCriteriaId": "0BC70488-A435-43BE-AEF4-30CBA36CBC03", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201811401:*:*:*:*:*:*", "matchCriteriaId": "2B37DC7D-A1C6-468F-A42E-160CE226FF7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*", "matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*", "matchCriteriaId": "75FAFF86-C65F-4723-8A63-BACE2F797937", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*", "matchCriteriaId": "DBC31DE3-ACFE-422F-B253-2FE4AAFE3954", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*", "matchCriteriaId": "B30B3EA4-495F-4915-B6E3-5FB9277C2DE6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*", "matchCriteriaId": "6FA9E337-B4F3-4895-BA58-962F8CDEE73E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*", "matchCriteriaId": "830B0BC1-A368-49AC-B6C9-B000972EF92A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*", "matchCriteriaId": "614394F3-3BEE-4E12-AABF-436D54A04313", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*", "matchCriteriaId": "350FD3CE-8B64-4FCF-82DE-BE941156F4F6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*", "matchCriteriaId": "C9EAE177-6C7E-4C1B-ADEE-2C036F731272", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*", "matchCriteriaId": "DFFEEC31-8462-4DF9-A1DA-D7057C209CBA", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*", "matchCriteriaId": "0AC6BC16-0A1D-44B3-BA68-63EA05EDD54B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*", "matchCriteriaId": "942DAD67-9455-4D02-BD3B-BFD2DE7A7E52", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*", "matchCriteriaId": "7ACC1A72-F6B6-430A-AB89-AB0A11587F58", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*", "matchCriteriaId": "45111C74-BF6F-4C05-A0D3-CE325AD0C02B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*", "matchCriteriaId": "B1CE5849-01B1-4E36-83E8-496A3F328C9C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*", "matchCriteriaId": "A879BA05-3A80-4EBC-AA9D-9B53695425B4", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*", "matchCriteriaId": "3D65A0E8-A1E0-42F3-B77D-2F32979278BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*", "matchCriteriaId": "80C10150-39BA-4818-B48F-8645D4A0D316", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*", "matchCriteriaId": "9792B986-86EF-40E0-9427-A45F858717E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*", "matchCriteriaId": "37EDD688-C91A-4A35-913A-82E156ADD242", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*", "matchCriteriaId": "5CC1AC0E-8D3F-46C0-BDA9-EB9DC9971F57", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*", "matchCriteriaId": "47DA50DA-7CA4-4B76-8B3B-A5732509F71D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*", "matchCriteriaId": "76EB1A04-0645-4909-AEF9-33D6FADA4793", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*", "matchCriteriaId": "F1A35723-D968-42D6-89EB-86CA550516E6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*", "matchCriteriaId": "C3AC8A19-F98E-48F1-A1EA-EAA1C7208335", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*", "matchCriteriaId": "E7DF3ED7-FA3F-4EBC-99AC-B7AD20E85927", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*", "matchCriteriaId": "DE1372AD-2853-4BED-BB71-6BACB28B95C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*", "matchCriteriaId": "B2792D06-A73E-4A56-A152-82E1AD4E707D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*", "matchCriteriaId": "EDA4AE4C-3BA8-472D-950A-3C8684565CD8", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*", "matchCriteriaId": "6AA3617D-B911-4BC5-B544-B31D4F43D2B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*", "matchCriteriaId": "CDC6E0F6-83DF-4670-8D04-A41C7DC1B881", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*", "matchCriteriaId": "047A71B3-CDFB-41F3-B2DE-11360DAE5744", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*", "matchCriteriaId": "F88691FD-F263-4B75-BF21-481BC1623C3C", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*", "matchCriteriaId": "D2A47CDA-D3DD-4E0F-8268-32A188EA1D94", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*", "matchCriteriaId": "36A67476-2E8E-4104-9F10-7AE42F82508F", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*", "matchCriteriaId": "ED029F1A-96D0-4EF2-9148-FC98E8B8FDCC", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*", "matchCriteriaId": "E2283675-582F-44A8-833B-B5B439CBFA1E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*", "matchCriteriaId": "94C4A188-6B00-48C4-B7E2-9F70811BF618", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*", "matchCriteriaId": "F82943E9-E2D0-49F4-BD32-40E84BA1957E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*", "matchCriteriaId": "3ACB68F5-EC73-4C30-8FD3-F6647F9BCCD4", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*", "matchCriteriaId": "B854BA24-11FD-4D0C-9EFD-A88E64FED4E4", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*", "matchCriteriaId": "554434AB-763F-4E95-B616-F7594041D511", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*", "matchCriteriaId": "CE56E7AC-F63D-4A4B-9B45-0E623973B14B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*", "matchCriteriaId": "36664142-0111-42F5-A371-AD2C0DF211EF", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*", "matchCriteriaId": "49EA78B6-8208-4351-88F9-103CA01EF3A1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*", "matchCriteriaId": "27AC575F-9AC4-4AA1-A71C-BF9F752295F1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*", "matchCriteriaId": "4C0F47F3-0509-45AC-8EA9-37246E4E6095", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*", "matchCriteriaId": "CE103301-6AEF-4348-8F36-833021739AEF", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*", "matchCriteriaId": "8D92B2FF-8962-41F9-B019-D83AAAD188FC", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*", "matchCriteriaId": "8E6D5227-3421-412F-9BE0-583AA768446D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*", "matchCriteriaId": "BD2F52AF-D7EF-4F57-8F04-B0C6CD3FED63", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*", "matchCriteriaId": "82BA9EB1-4EFB-4649-92C7-2C307966956E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*", "matchCriteriaId": "2133378D-8DFD-48B9-83A1-9FA7DDC68902", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*", "matchCriteriaId": "57BF8703-0C83-4BA5-B0F7-FB6E45229685", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*", "matchCriteriaId": "DAADDD62-2F6E-4D12-A49F-3D38ACF488E8", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*", "matchCriteriaId": "B5834F35-6D9A-48E5-BB5C-3A7D6CCE36D6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*", "matchCriteriaId": "27FA0C0E-B5A2-4619-998B-CFB45496D895", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*", "matchCriteriaId": "B98EDBA4-0BA4-4894-B6F6-681117A5C5C9", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*", "matchCriteriaId": "8E756914-2C2A-4999-AAEA-2F6835A29C49", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*", "matchCriteriaId": "0AC0C89B-26A3-40F7-855F-5F6B36B77F5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*", "matchCriteriaId": "5BF2FE18-A90E-429A-98D1-9A97DD0464B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*", "matchCriteriaId": "92289D85-0652-41D1-A6BA-D4B8C7EE1F45", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*", "matchCriteriaId": "CF41887D-B145-4D01-9AEF-2E36479B2FA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*", "matchCriteriaId": "0FEAF0ED-BD20-4BA6-BB23-1C978B823A11", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*", "matchCriteriaId": "36234CE1-FA7E-4534-9720-410435E2BAEE", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*", "matchCriteriaId": "494E0B07-CE16-46D4-A89B-4F12A6CECDF4", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*", "matchCriteriaId": "DD046237-16D7-4A57-9F09-2A6A649368C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*", "matchCriteriaId": "8343E8DB-1D54-4B82-9254-2E2AFC548609", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host."}, {"lang": "es", "value": "VMware ESXi (en las versiones 6.7 anteriores a la ESXi670-201903001, en las 6.5 anteriores a la ESXi650-201903001 y en las 6.0 anteriores a la ESXi600-201903001), Workstation (en las versiones 15.x anteriores a la 15.0.4 y en las 14.x anteriores a la 14.1.7), Fusion (en las versiones 11.x anteriores a la 11.0.3 y en las 10.x anteriores a la 10.1.6) contiene una vulnerabilidad de time-of-check time-of-use (TOCTOU) en la UHCI virtual (Universal Host Controller Interface) de USB 1.1. La explotaci\u00f3n de este fallo requiere que el atacante tenga acceso a una m\u00e1quina virtual con un controlador USB virtual presente. Este problema puede permitir que un invitado ejecute c\u00f3digo en el host"}], "id": "CVE-2019-5519", "lastModified": "2024-11-21T04:45:05.893", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-01T21:30:44.000", "references": [{"source": "security@vmware.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"}, {"source": "security@vmware.com", "url": "http://www.securityfocus.com/bid/107535"}, {"source": "security@vmware.com", "url": "http://www.securityfocus.com/bid/108443"}, {"source": "security@vmware.com", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"}, {"source": "security@vmware.com", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-420/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/107535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/108443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2019-0005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-420/"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-367"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}