CVE-2019-5515

moderate-risk
Published 2019-04-02

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) and Fusion (11.x before 11.0.3, 10.x before 10.1.6) updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters. Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.

Do I need to act?

~
4.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10 High
NETWORK / LOW complexity

Affected Products (2)

Affected Vendors

Vmware

References (10)

Third Party Advisory https://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005....
Third Party Advisory https://www.securityfocus.com/bid/107634
Vendor Advisory https://www.vmware.com/security/advisories/VMSA-2019-0005.html
Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-19-306/
https://www.zerodayinitiative.com/advisories/ZDI-19-516/
Third Party Advisory https://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005....
Third Party Advisory https://www.securityfocus.com/bid/107634
Vendor Advisory https://www.vmware.com/security/advisories/VMSA-2019-0005.html
Third Party Advisory https://www.zerodayinitiative.com/advisories/ZDI-19-306/
https://www.zerodayinitiative.com/advisories/ZDI-19-516/
44
/ 100
moderate-risk
Severity 30/34 · Critical
Exploitability 7/34 · Low
Exposure 7/34 · Low