Vulnerability Name:

CVE-2019-5519 (CCN-158821)

Assigned: 2019-03-28
Published: 2019-03-28
Updated: 2020-08-24
Summary: VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.
CVSS v3 Severity: 6.8 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
5.9 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Physical
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-367
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2019-5519

Source: MISC
Type: Third Party Advisory, VDB Entry
http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html

Source: CCN
Type: IBM Security Bulletin 885604 (PureApplication System)
Multiple open source vulnerabilities affect IBM PureApplication System

Source: BID
Type: UNKNOWN
107535

Source: BID
Type: UNKNOWN
108443

Source: XF
Type: UNKNOWN
vmware-cve20195519-code-exec(158821)

Source: CCN
Type: VMware Security Advisory VMSA-2019-0005
VMware ESXi, Workstation and Fusion updates address multiple security issues

Source: CONFIRM
Type: Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2019-0005.html

Source: CCN
Type: ZDI-19-420
(Pwn2Own) VMware Workstation UHCI Race Condition Privilege Escalation Vulnerability

Source: MISC
Type: UNKNOWN
https://www.zerodayinitiative.com/advisories/ZDI-19-420/

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:vmware:fusion:*:*:*:*:*:*:*:* (Version >= 10.0.0 and < 10.1.6)
  • OR cpe:/a:vmware:fusion:*:*:*:*:*:*:*:* (Version >= 11.0.0 and < 11.0.3)
  • OR cpe:/a:vmware:workstation:*:*:*:*:*:*:*:* (Version >= 14.0.0 and < 14.1.7)
  • OR cpe:/a:vmware:workstation:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.0.4)
  • OR cpe:/o:vmware:esxi:6.0:-:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.0:600-201811001:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.0:600-201811401:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:-:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:-:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:vmware:esxi:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:14.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:11.0:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:pureapplication_system:2.2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:pureapplication_system:2.2.6.0:*:*:*:*:*:*:*
