CVE-2019-5527

Description

ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

Related CPE's

ovmwareesxi********

vulnerable

ovmwareesxi********

vulnerable

ovmwareesxi********

vulnerable

avmwareremote_console*****linux**

vulnerable

avmwarefusion********

vulnerable

avmwarehorizon*****linux**

vulnerable

avmwarehorizon*****mac_os**

vulnerable

avmwarehorizon*****windows**

vulnerable

avmwareremote_console*****windows**

vulnerable

avmwareworkstation********

vulnerable

References

https://www.vmware.com/security/advisories/VMSA-2019-0014.html

Vendor Advisory

CvssV3 impact

Version

3.1

VectorString

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AttackVector

LOCAL

AttackComplexity

LOW

PrivilegesRequired

LOW

UserInteraction

NONE

Scope

CHANGED

ConfidentialityImpact

HIGH

IntegrityImpact

HIGH

AvailabilityImpact

HIGH

BaseScore

8.8

BaseSeverity

HIGH

CvssV2 impact

Version

2.0

VectorString

AV:L/AC:L/Au:N/C:C/I:C/A:C

AccessVector

LOCAL

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

COMPLETE

IntegrityImpact

COMPLETE

AvailabilityImpact

COMPLETE

BaseScore

7.2

Created by Yello
About Severity.io