Today, VMware has released the following new security advisories:
VMSA-2019-0004: VMware vCloud Director for Service Providers update resolves a Remote Session Hijack vulnerability
This advisory documents a Critical severity Remote Session Hijack vulnerability (CVE-2019-5523) in the Tenant and Provider Portals. Successful exploitation of this issue may allow a malicious actor to access the Tenant or Provider Portals by impersonating a currently logged in session.
We would like to thank Tyler Flaagan, Eric Holm, Andrew Kramer, and Logan Stratton of Dakota State University for reporting this issue to us.
VMSA-2019-0005 – VMware ESXi, Workstation and Fusion updates address multiple security issues
This advisory documents Critical and Important Severity issues.
Critical issue (a) VMware ESXi, Workstation and Fusion contain an out-of-bounds read/write vulnerability (CVE-2019-5518) and a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface) (CVE-2019-5519). Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host.
Critical issue (b) VMware Workstation and Fusion contain an out-of-bounds write vulnerability in the e1000 virtual network adapter (CVE-2019-5524). This issue may allow a guest to execute code on the host.
Important issue (c) VMware Workstation and Fusion updates address an out-of-bounds write vulnerability in the e1000 and e1000e virtual network adapters (CVE-2019-5515). Exploitation of this issue may lead to code execution on the host from the guest but it is more likely to result in a denial of service of the guest.
We would like to thank Fluoroacetate team of Amat Cama and Richard Zhu, working with the Pwn2Own 2019 Security Contest, researcher Zhangyanyu of Chaitin Tech, ZhanluLab working with Trend Micro’s Zero Day Initiative, CodeColorist (@CodeColorist) and Csaba Fitzl (@theevilbit) for reporting these issues to us.
Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.
Customers should review the security advisories and direct any questions to VMware Support.