Vulnerability CVE-2019-5522


Published: 2019-06-06

Description:
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.

Type:

CWE-125

(Out-of-bounds Read)

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
3.6/10
4.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
Partial
Affected software
Vmware -> Tools 

 References:
http://www.securityfocus.com/bid/108673
https://www.vmware.com/security/advisories/VMSA-2019-0009.html

Copyright 2020, cxsecurity.com

 

Back to Top