High
VMWare Fusion APIs available without auth via web socket (CVE-2019-5514)
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
High
(3 users assessed)
Low
(3 users assessed)Unknown
Unknown
Unknown
VMWare Fusion APIs available without auth via web socket (CVE-2019-5514)
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Description
VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.
Add Assessment
Ratings
-
Attacker ValueMedium
-
ExploitabilityLow
Technical Analysis
From the theevilbit write-up I can’t tell if arguments can be provided to the programs that are launched in the VMs. If arguments can be provided to the launched programs then this would be worse.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild Report
Ratings
-
Attacker ValueHigh
-
ExploitabilityVery Low
Technical Analysis
This need some sort of vector to trick the user. Probably not that hard via watering hole attack somewhere that vmware user congregate.
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild Report
Ratings
-
Attacker ValueMedium
Technical Analysis
Would you also like to delete your Exploited in the Wild Report?
Delete Assessment Only Delete Assessment and Exploited in the Wild ReportGeneral Information
References
Additional Info
Technical Analysis
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
