VMware Fusion APIs available without auth via web socket (CVE-2019-5514)
High (3 users assessed)
Low (3 users assessed)
Unknown
Unknown
Unknown
Description
VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user into executing JavaScript that performs unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
Ratings
Attacker Value: Medium
Exploitability: Low
Technical Analysis
From the theevilbit write-up I can’t tell if arguments can be provided to the programs that are launched in the VMs. If arguments can be provided to the launched programs then this would be worse.
Ratings
Attacker Value: High
Exploitability: Very Low
Technical Analysis
This needs some sort of vector to trick the user. Probably not that hard via a watering hole attack somewhere that VMware users congregate.
Ratings
Attacker Value: Medium