CVE-2019-5522

{"id": "CVE-2019-5522", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2019-06-06T19:29:00.830", "references": [{"url": "http://www.securityfocus.com/bid/108673", "tags": ["Third Party Advisory", "VDB Entry"], "source": "security@vmware.com"}, {"url": "https://www.vmware.com/security/advisories/VMSA-2019-0009.html", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}, {"url": "http://www.securityfocus.com/bid/108673", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.vmware.com/security/advisories/VMSA-2019-0009.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "VMware Tools for Windows update addresses an out of bounds read vulnerability in vm3dmp driver which is installed with vmtools in Windows guest machines. This issue is present in versions 10.2.x and 10.3.x prior to 10.3.10. A local attacker with non-administrative access to a Windows guest with VMware Tools installed may be able to leak kernel information or create a denial of service attack on the same Windows guest machine."}, {"lang": "es", "value": "La actualizaci\u00f3n de VMware Tools para Windows corrige una vulnerabilidad de lectura fuera de l\u00edmites en el controlador vm3dmp, que se instala con vmtools en m\u00e1quinas invitadas de Windows. Este problema est\u00e1 presente en las versiones 10.2. x y 10.3. x antes de 10.3.10. Es posible que un atacante local con acceso no administrativo a un invitado de Windows con VMware Tools instalado pueda filtrar la informaci\u00f3n del kernel o crear un ataque de denegaci\u00f3n de servicio en la misma m\u00e1quina de invitados de Windows."}], "lastModified": "2024-11-21T04:45:06.360", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A0F8AAC-900C-49C0-B4C0-483104803D7F", "versionEndExcluding": "10.3.10", "versionStartIncluding": "10.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@vmware.com"}