CVE-2019-5522
low-risk
Published 2019-06-06
VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine.
Do I need to act?
-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10
High
LOCAL
/ LOW complexity
Affected Products (1)
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/108673
Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2019-0009.html
Third Party Advisory
http://www.securityfocus.com/bid/108673
Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2019-0009.html
28
/ 100
low-risk
Severity
22/34 · High
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal