CVE-2019-5514

Summary

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.

Affected Software

VendorProductVersion RangeStatus
VMwareVMware Fusion11.x before 11.0.3affected

Weaknesses

  • Unauthenticated APIs Security vulnerability

ADP Enrichment

CVE Program Container

Additional References

References