TOCTOU Vulnerability in VMware ESXi, Workstation, and Fusion Allows Guest to Execute Code on Host

CVE-2019-5519 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), and Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a time-of-check time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.