← Volver a CVEs
CVE-2019-5514
N/ADescripcion
VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
Detalles CVE
Puntuacion CVSS v3.1N/A
Publicado4/1/2019
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
vmware:fusion
Debilidades (CWE)
CWE-306
Referencias
http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html(security@vmware.com)
http://www.securityfocus.com/bid/107637(security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2019-0005.html(security@vmware.com)
http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/107637(af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2019-0005.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.