CVE-2019-5519
Published Apr 1, 2019
Last updated 4 years ago
Overview
- Description
- VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.
- Source
- security@vmware.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 5.9
- Exploitability score
- 0.9
- Vector string
- CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- nvd@nist.gov
- CWE-367
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1BEBF6D2-4832-46F0-A0B1-4B47FDCFD6BE",
"versionEndExcluding": "10.1.6",
"versionStartIncluding": "10.0.0"
},
{
"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1D88E61-CE5C-467A-A720-F4DCFC248134",
"versionEndExcluding": "11.0.3",
"versionStartIncluding": "11.0.0"
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "09B11AFA-BA40-40C7-9F8E-6CB1A7DAE369",
"versionEndExcluding": "14.1.7",
"versionStartIncluding": "14.0.0"
},
{
"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0F08B22-5048-4A6C-9250-6A3593A4570F",
"versionEndExcluding": "15.0.4",
"versionStartIncluding": "15.0.0"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E8861F4-D390-4738-BBF0-9EE4684E9667"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201811001:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BC70488-A435-43BE-AEF4-30CBA36CBC03"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.0:600-201811401:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B37DC7D-A1C6-468F-A42E-160CE226FF7D"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBA15143-734D-4889-8B5A-2445A2DDDD4B"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707101:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75FAFF86-C65F-4723-8A63-BACE2F797937"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707102:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBC31DE3-ACFE-422F-B253-2FE4AAFE3954"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707103:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B30B3EA4-495F-4915-B6E3-5FB9277C2DE6"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707201:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6FA9E337-B4F3-4895-BA58-962F8CDEE73E"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707202:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "830B0BC1-A368-49AC-B6C9-B000972EF92A"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707203:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "614394F3-3BEE-4E12-AABF-436D54A04313"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707204:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "350FD3CE-8B64-4FCF-82DE-BE941156F4F6"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707205:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C9EAE177-6C7E-4C1B-ADEE-2C036F731272"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707206:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFFEEC31-8462-4DF9-A1DA-D7057C209CBA"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707207:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AC6BC16-0A1D-44B3-BA68-63EA05EDD54B"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707208:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "942DAD67-9455-4D02-BD3B-BFD2DE7A7E52"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707209:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7ACC1A72-F6B6-430A-AB89-AB0A11587F58"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707210:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "45111C74-BF6F-4C05-A0D3-CE325AD0C02B"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707211:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B1CE5849-01B1-4E36-83E8-496A3F328C9C"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707212:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A879BA05-3A80-4EBC-AA9D-9B53695425B4"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707213:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3D65A0E8-A1E0-42F3-B77D-2F32979278BB"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707214:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80C10150-39BA-4818-B48F-8645D4A0D316"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707215:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9792B986-86EF-40E0-9427-A45F858717E1"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707216:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37EDD688-C91A-4A35-913A-82E156ADD242"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707217:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5CC1AC0E-8D3F-46C0-BDA9-EB9DC9971F57"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707218:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "47DA50DA-7CA4-4B76-8B3B-A5732509F71D"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707219:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76EB1A04-0645-4909-AEF9-33D6FADA4793"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707220:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1A35723-D968-42D6-89EB-86CA550516E6"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201707221:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3AC8A19-F98E-48F1-A1EA-EAA1C7208335"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811001:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7DF3ED7-FA3F-4EBC-99AC-B7AD20E85927"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.5:650-201811301:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE1372AD-2853-4BED-BB71-6BACB28B95C9"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B2792D06-A73E-4A56-A152-82E1AD4E707D"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810101:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EDA4AE4C-3BA8-472D-950A-3C8684565CD8"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810102:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6AA3617D-B911-4BC5-B544-B31D4F43D2B3"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810103:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDC6E0F6-83DF-4670-8D04-A41C7DC1B881"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810201:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "047A71B3-CDFB-41F3-B2DE-11360DAE5744"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810202:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F88691FD-F263-4B75-BF21-481BC1623C3C"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810203:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D2A47CDA-D3DD-4E0F-8268-32A188EA1D94"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810204:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36A67476-2E8E-4104-9F10-7AE42F82508F"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810205:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ED029F1A-96D0-4EF2-9148-FC98E8B8FDCC"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810206:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E2283675-582F-44A8-833B-B5B439CBFA1E"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810207:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94C4A188-6B00-48C4-B7E2-9F70811BF618"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810208:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F82943E9-E2D0-49F4-BD32-40E84BA1957E"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810209:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3ACB68F5-EC73-4C30-8FD3-F6647F9BCCD4"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810210:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B854BA24-11FD-4D0C-9EFD-A88E64FED4E4"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810211:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "554434AB-763F-4E95-B616-F7594041D511"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810212:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE56E7AC-F63D-4A4B-9B45-0E623973B14B"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810213:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36664142-0111-42F5-A371-AD2C0DF211EF"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810214:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "49EA78B6-8208-4351-88F9-103CA01EF3A1"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810215:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27AC575F-9AC4-4AA1-A71C-BF9F752295F1"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810216:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C0F47F3-0509-45AC-8EA9-37246E4E6095"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810217:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CE103301-6AEF-4348-8F36-833021739AEF"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810218:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8D92B2FF-8962-41F9-B019-D83AAAD188FC"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810219:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E6D5227-3421-412F-9BE0-583AA768446D"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810220:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BD2F52AF-D7EF-4F57-8F04-B0C6CD3FED63"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810221:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "82BA9EB1-4EFB-4649-92C7-2C307966956E"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810222:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2133378D-8DFD-48B9-83A1-9FA7DDC68902"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810223:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57BF8703-0C83-4BA5-B0F7-FB6E45229685"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810224:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DAADDD62-2F6E-4D12-A49F-3D38ACF488E8"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810225:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5834F35-6D9A-48E5-BB5C-3A7D6CCE36D6"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810226:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27FA0C0E-B5A2-4619-998B-CFB45496D895"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810227:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B98EDBA4-0BA4-4894-B6F6-681117A5C5C9"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810228:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8E756914-2C2A-4999-AAEA-2F6835A29C49"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810229:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0AC0C89B-26A3-40F7-855F-5F6B36B77F5B"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810230:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5BF2FE18-A90E-429A-98D1-9A97DD0464B0"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810231:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92289D85-0652-41D1-A6BA-D4B8C7EE1F45"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810232:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CF41887D-B145-4D01-9AEF-2E36479B2FA1"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810233:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FEAF0ED-BD20-4BA6-BB23-1C978B823A11"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201810234:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36234CE1-FA7E-4534-9720-410435E2BAEE"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901401:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "494E0B07-CE16-46D4-A89B-4F12A6CECDF4"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901402:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DD046237-16D7-4A57-9F09-2A6A649368C6"
},
{
"criteria": "cpe:2.3:o:vmware:esxi:6.7:670-201901403:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8343E8DB-1D54-4B82-9254-2E2AFC548609"
}
],
"operator": "OR"
}
]
}
]