SB2019080206 - Multiple vulnerabilities in VMware products
Published: August 2, 2019 Updated: October 30, 2019
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2019-5521)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the pixel shader functionality. A remote unprivileged user with access to a guest operating system can trigger an out-of-bounds read error and read contents of memory on the system or perform a denial of service attack.
2) Out-of-bounds write (CVE-ID: CVE-2019-5684)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A remote unprivileged user with access to a guest operating system can trigger an out-of-bounds write and execute arbitrary code on the target system.
Note: the vulnerability can be exploited only if the host has an affected NVIDIA graphics driver.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-5512)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the affected software running on Windows does not handle COM classes appropriately. A local authenticated user can hijack the COM classes used by the VMX process on a Windows host and elevate privileges on the target system.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-5511)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the affected software running on Windows does not handle paths appropriately. A local authenticated user can hijack the path to the VMX executable on a Windows host and elevate privileges on the target system.
5) Out-of-bounds write (CVE-ID: CVE-2019-5515)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the e1000 and e1000e virtual network adapters. A remote authenticated attacker can trigger an out-of-bounds write and execute arbitrary code on the host, but it is more likely to result in a denial of service of the guest.
6) Out-of-bounds read (CVE-ID: CVE-2019-5520)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the affected system. A remote attacker with access to a virtual machine with 3D graphics enabled can trigger an out-of-bounds read error and read contents of memory on the system.
7) Out-of-bounds read (CVE-ID: CVE-2019-5517)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the shader translator. A remote authenticated attacker with access to a virtual machine with 3D graphics enabled can trigger an out-of-bounds read error and read contents of memory on the system or cause a denial of service (DoS) condition on their own VM.
8) Out-of-bounds read (CVE-ID: CVE-2019-5516)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the vertex shader functionality. A remote authenticated attacker with access to a virtual machine with 3D graphics enabled can trigger an out-of-bounds read error and read contents of memory on the system or cause a denial of service (DoS) condition on their own VM.
9) Out-of-bounds write (CVE-ID: CVE-2019-5524)
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the e1000 virtual network adapter. A remote authenticated attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.
10) Command Injection (CVE-ID: CVE-2019-5514)
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The vulnerability exists due to certain unauthenticated APIs accessible through a web socket. A remote attacker can trick the host user into executing JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed and execute arbitrary commands on the target system.
Remediation
Install the update from the vendor's website.