VMware issued a security advisory for two vulnerabilities that impact multiple VMware products. The vulnerability severity ranges from a CVSS v3 base score of 4.7 to 8.5.
In all, VMware patched a use-after-free (CVE-2019-5527) and denial-of-service (CVE-2019-5535) vulnerability in VMware ESXi, Workstation, Fusion, VMRC and Horizon Client. Each are summarized in this post.
1) Use-after-free vulnerability (CVE-2019-5527)
VMware ESXi, Workstation, Fusion, VMRC and Horizon Client products each contain a use-after-free vulnerability in the virtual sound device. VMware has rated the severity issue a CVSS v3 base score of 8.5.
“A local attacker with non-administrative access on the guest machine may exploit this issue to execute code on the host,” VMware warned in the advisory.
2) Denial-of-service vulnerability (CVE-2019-5535)
VMware Workstation and Fusion each are impacted by a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. VMware has rated the severity issue a CVSS v3 base score of 4.7.
“An attacker may exploit this issue by sending a specially crafted IPv6 packet from a guest machine on the VMware NAT to disallow network access for all guest machines using VMware NAT mode. This issue can be exploited only if IPv6 mode for VMNAT is enabled,” VMware noted.
System administrators should upgrade to the latest versions as noted in the VMware advisory (VMSA-2019-0014.1).