| Vulnerability Name: | CVE-2019-5522 (CCN-162241) | ||||||||||||
| Assigned: | 2019-06-06 | ||||||||||||
| Published: | 2019-06-06 | ||||||||||||
| Updated: | 2019-06-13 | ||||||||||||
| Summary: | VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine. | ||||||||||||
| CVSS v3 Severity: | 7.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H) 6.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)
6.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
| ||||||||||||
| Vulnerability Type: | CWE-125 | ||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||
| References: | Source: MITRE Type: CNA CVE-2019-5522 Source: BID Type: Third Party Advisory, VDB Entry 108673 Source: XF Type: UNKNOWN vmware-cve20195522-info-disc(162241) Source: CCN Type: VMware Security Advisory VMSA-2019-0009 VMware Tools and Workstation updates address out of bounds read and use-after-free vulnerabilities. Source: CONFIRM Type: Vendor Advisory https://www.vmware.com/security/advisories/VMSA-2019-0009.html | ||||||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
| BACK | |||||||||||||