Main Vulnerability Database Vulnerabilities #VU21242

#VU21242 Input validation error in VMware Workstation and VMware Fusion - CVE-2019-5535

Published: September 21, 2019

Vulnerability identifier: #VU21242

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-5535

CWE-ID: CWE-20

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
VMware Workstation
VMware Fusion

Software vendor:
VMware, Inc

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of IPV6 network traffic. A local user on guest OS can send specially crafted IPV6 packets and disallow network connectivity for all guest machines using VMware NAT mode.

Successful exploitation of this vulnerability requires that VMNAT is enabled.

Remediation

Install updates from vendor's website.

External links

http://www.vmware.com/security/advisories/VMSA-2019-0014.html