|CERT-In Vulnerability Note
Multiple Vulnerabilities in VMware Products
Original Issue Date:November 26, 2019
Severity Rating: HIGH
- VMware Workstation versions 15.x prior to 15.5.1
- VMware Fusion versions 11.x prior to 11.5.1
Multiple vulnerabilities have been reported in VMware products which could be exploited by an attacker to access sensitive information, execute arbitrary code or cause denial of service (DoS) conditions on a targeted system.
1. Information Disclosure Vulnerability
This vulnerability exists in VMware products due to improper handling of vmnet dhcp. An attacker could exploit this vulnerability by executing a specially crafted application leading to memory leakage.
Successful exploitation of this vulnerability could allow the attacker on a guest virtual machine to gain sensitive information.
2. Out-of-Bounds Write Vulnerability
This vulnerability exists in the e1000e virtual network adapter of VMWare products due to an out-of-bounds write error. An attacker could exploit this vulnerability by executing a specially crafted application.
Successful exploitation of this vulnerability could allow the attacker to execute code on the host from the guest system or lead to denial of service conditions.
3. Denial-of-Service Vulnerability
This vulnerability exists in VMware products due to an error in the RPC handler. An attacker could exploit this vulnerability by executing a specially crafted application.
Successful exploitation of this vulnerability could allow attacker to cause denial of service conditions on the affected system.
Apply appropriate fixes as issued by vendor in
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003