Vulnerabilities > CVE-2019-5540 - Memory Leak vulnerability in VMWare Fusion and Workstation

CVSS 7.7 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

vmware

CWE-401

nessus

NVD

Published: 2019-11-20

Updated: 2020-08-24

Summary

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Workstation 15.0.0 Vmware Workstation 15.0.1 Vmware Workstation 15.0.2 Vmware Workstation 15.0.3 Vmware Workstation 15.0.4 Vmware Workstation 15.1.0 Vmware Workstation 15.5.0 Vmware Fusion 11.0.0 Vmware Fusion 11.0.1 Vmware Fusion 11.0.2 Vmware Fusion 11.0.3 Vmware Fusion 11.1.0 Vmware Fusion 11.1.1 Vmware Fusion 11.5.0	21
OS	Apple Apple MAC OS X -	1

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Nessus

NASL family	Windows
NASL id	VMWARE_WORKSTATION_VMSA_2019_0021.NASL
description	The version of VMware Workstation installed on the remote Windows host is 15.0.x prior to 15.5.1. It is, therefore, affected by multiple vulnerabilities: - An unspecified information disclosure vulnerability in vmnetdhcp. (CVE-2019-5540) - An unspecified out-of-bounds write vulnerability in the e1000e virtual network adapter. (CVE-2019-5541) - An unspecified denial-of-service vulnerability in the RPC handler. (CVE-2019-5542) - Unspecified vulnerabilities related to hypervisor-specific mitigations for TSX Asynchronous Abort (TAA). (CVE-2019-11135)
last seen	2020-03-21
modified	2019-11-20
plugin id	131129
published	2019-11-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131129
title	VMware Workstation 15.0.x < 15.5.1 Multiple Vulnerabilities (VMSA-2019-0020, VMSA-2019-0021)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131129); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/20"); script_cve_id( "CVE-2019-5540", "CVE-2019-5541", "CVE-2019-5542", "CVE-2019-11135" ); script_xref(name:"VMSA", value:"2019-0020"); script_xref(name:"VMSA", value:"2019-0021"); script_name(english:"VMware Workstation 15.0.x < 15.5.1 Multiple Vulnerabilities (VMSA-2019-0020, VMSA-2019-0021)"); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote Windows host is affected by multiple vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of VMware Workstation installed on the remote Windows host is 15.0.x prior to 15.5.1. It is, therefore, affected by multiple vulnerabilities: - An unspecified information disclosure vulnerability in vmnetdhcp. (CVE-2019-5540) - An unspecified out-of-bounds write vulnerability in the e1000e virtual network adapter. (CVE-2019-5541) - An unspecified denial-of-service vulnerability in the RPC handler. (CVE-2019-5542) - Unspecified vulnerabilities related to hypervisor-specific mitigations for TSX Asynchronous Abort (TAA). (CVE-2019-11135)"); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2019-0020.html"); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2019-0021.html"); script_set_attribute(attribute:"solution", value: "Update to VMware Workstation version 15.5.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5541"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/12"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:workstation"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("vmware_workstation_detect.nasl"); script_require_keys("SMB/Registry/Enumerated", "installed_sw/VMware Workstation"); exit(0); } include('vcf.inc'); get_kb_item_or_exit('SMB/Registry/Enumerated'); app_info = vcf::get_app_info(app:'VMware Workstation', win_local:TRUE); constraints = [ { 'min_version' : '15.0', 'fixed_version' : '15.5.1' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_FUSION_VMSA_2019_0021.NASL
description	The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.0.x prior to 11.5.1. It is, therefore, affected by multiple vulnerabilities: - An unspecified information disclosure vulnerability in vmnetdhcp. (CVE-2019-5540) - An unspecified out-of-bounds write vulnerability in the e1000e virtual network adapter. (CVE-2019-5541) - An unspecified denial-of-service vulnerability in the RPC handler. (CVE-2019-5542) - Unspecified vulnerabilities related to hypervisor-specific mitigations for TSX Asynchronous Abort (TAA). (CVE-2019-11135)
last seen	2020-03-21
modified	2019-11-20
plugin id	131128
published	2019-11-20
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/131128
title	VMware Fusion 11.0.x < 11.5.1 Multiple Vulnerabilities (VMSA-2019-0020, VMSA-2019-0021)
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131128); script_version("1.5"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/20"); script_cve_id( "CVE-2019-5540", "CVE-2019-5541", "CVE-2019-5542", "CVE-2019-11135" ); script_xref(name:"VMSA", value:"2019-0020"); script_xref(name:"VMSA", value:"2019-0021"); script_name(english:"VMware Fusion 11.0.x < 11.5.1 Multiple Vulnerabilities (VMSA-2019-0020, VMSA-2019-0021)"); script_set_attribute(attribute:"synopsis", value: "A virtualization application installed on the remote macOS or Mac OS X host is affected by multiple vulnerabilities"); script_set_attribute(attribute:"description", value: "The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.0.x prior to 11.5.1. It is, therefore, affected by multiple vulnerabilities: - An unspecified information disclosure vulnerability in vmnetdhcp. (CVE-2019-5540) - An unspecified out-of-bounds write vulnerability in the e1000e virtual network adapter. (CVE-2019-5541) - An unspecified denial-of-service vulnerability in the RPC handler. (CVE-2019-5542) - Unspecified vulnerabilities related to hypervisor-specific mitigations for TSX Asynchronous Abort (TAA). (CVE-2019-11135)"); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2019-0020.html"); script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2019-0021.html"); script_set_attribute(attribute:"solution", value: "Update to VMware Fusion version 11.5.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5541"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/12"); script_set_attribute(attribute:"patch_publication_date", value:"2019/11/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/20"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:vmware:fusion"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_fusion_detect.nasl"); script_require_keys("Host/local_checks_enabled", "installed_sw/VMware Fusion"); exit(0); } include('vcf.inc'); app_info = vcf::get_app_info(app:'VMware Fusion'); constraints = [ { 'min_version' : '11.0', 'fixed_version' : '11.5.1' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);

References

https://www.vmware.com/security/advisories/VMSA-2019-0021.html