Vulnerabilities > CVE-2019-5512 - Unspecified vulnerability in VMWare Workstation

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

vmware

microsoft

nessus

exploit available

NVD

Published: 2019-04-09

Updated: 2020-08-24

Summary

VMware Workstation (15.x before 15.0.3, 14.x before 14.1.6) running on Windows does not handle COM classes appropriately. Successful exploitation of this issue may allow hijacking of COM classes used by the VMX process, on a Windows host, leading to elevation of privilege.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Workstation 14.0.0 Vmware Workstation 14.1.0 Vmware Workstation 14.1.1 Vmware Workstation 14.1.2 Vmware Workstation 14.1.3 Vmware Workstation 14.1.4 Vmware Workstation 14.1.5 Vmware Workstation 15.0.0 Vmware Workstation 15.0.1 Vmware Workstation 15.0.2	10
OS	Microsoft Microsoft Windows -	1

Exploit-Db

id	EDB-ID:46601
last seen	2019-03-25
modified	2019-03-25
published	2019-03-25
reporter	Exploit-DB
source	https://www.exploit-db.com/download/46601
title	VMware Workstation 14.1.5 / VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

Nessus

NASL family	General
NASL id	VMWARE_WORKSTATION_WIN_VMSA_2019_0002.NASL
description	The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.6 or 15.x prior to 15.0.3. It is, therefore, affected by an elevation of privilege vulnerability in the creation of the VMX process on a windows host. An attacker with access to a host system may be able to hijack the path to the VMX executable or COM classes used by the VMX process leading to an elevation of privilege vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	123002
published	2019-03-21
reporter	This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/123002
title	VMware Workstation 14.x < 14.1.6 / 15.x < 15.0.3 Elevation of Privilege Vulnerability (VMSA-2019-0002)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(123002); script_version("1.8"); script_cvs_date("Date: 2019/10/30 13:24:47"); script_cve_id("CVE-2019-5511","CVE-2019-5512"); script_bugtraq_id(107429); script_xref(name:"VMSA", value:"2019-0002"); script_name(english:"VMware Workstation 14.x < 14.1.6 / 15.x < 15.0.3 Elevation of Privilege Vulnerability (VMSA-2019-0002)"); script_summary(english:"Checks the VMware Workstation version."); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote Windows host is affected by an elevation of privilege vulnerability."); script_set_attribute(attribute:"description", value: "The version of VMware Workstation installed on the remote host is 14.x prior to 14.1.6 or 15.x prior to 15.0.3. It is, therefore, affected by an elevation of privilege vulnerability in the creation of the VMX process on a windows host. An attacker with access to a host system may be able to hijack the path to the VMX executable or COM classes used by the VMX process leading to an elevation of privilege vulnerability."); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2019-0002.html"); script_set_attribute(attribute:"solution", value: "Upgrade to VMware Workstation version 14.1.6, 15.0.3, or later."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5512"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploit_framework_core", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/14"); script_set_attribute(attribute:"patch_publication_date", value:"2019/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/21"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"General"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_workstation_detect.nasl", "vmware_workstation_linux_installed.nbin"); script_require_keys("installed_sw/VMware Workstation"); exit(0); } include("vcf.inc"); if (get_kb_item("SMB/Registry/Enumerated")) win_local = TRUE; app_info = vcf::get_app_info(app:"VMware Workstation", win_local:win_local); vcf::check_granularity(app_info:app_info, sig_segments:2); constraints = [ { "min_version" : "14", "fixed_version" : "14.1.6" }, { "min_version" : "15", "fixed_version" : "15.0.3" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

References

https://www.vmware.com/security/advisories/VMSA-2019-0002.html