HTTP: VMware Fusion Guest VM CVE-2019-5514 RCE

This signature detects attempts to exploit a known vulnerability against VMware Fusion. A successful attack can lead to arbitrary code execution on the guest machine.

Extended Description

VMware VMware Fusion (11.x before 11.0.3) contains a security vulnerability due to certain unauthenticated APIs accessible through a web socket. An attacker may exploit this issue by tricking the host user to execute a JavaScript to perform unauthorized functions on the guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.

Affected Products

Vmware fusion

References

CVE: CVE-2019-5514

Short Name
HTTP:STC:DL:VMWARE-FUSION-RCE
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2019-5514 Fusion Guest RCE VM VMware
Release Date
06/20/2019
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3337
False Positive
Unknown
Vendors

Vmware

CVSS Score

6.8

Found a potential security threat?