Allele Security Alert
ASA-2019-00563
Identifier(s)
ASA-2019-00563, CVE-2019-5535, VMSA-2019-0014
Title
Denial-of-service vulnerability due to improper handling of certain IPv6 packets
Vendor(s)
VMware
Product(s)
VMware Workstation
VMware Fusion
Affected version(s)
VMware Workstation 15.x versions before 15.5.0
VMware Fusion 11.x versions before 11.5.0
Fixed version(s)
VMware Workstation 15.x version 15.5.0
VMware Fusion 11.x version 11.5.0
Proof of concept
Unknown
Description
VMware Workstation and Fusion contain a network denial-of-service vulnerability due to improper handling of certain IPv6 packets. An attacker may exploit this issue by sending a specially crafted IPv6 packet from a guest machine on the VMware NAT to disallow network access for all guest machines using VMware NAT mode. This issue can be exploited only if IPv6 mode for VMNAT is enabled.
Technical details
Unknown
Credits
Carlos Garcia Prado (FireEye)
Reference(s)
VMSA-2019-0014
https://www.vmware.com/security/advisories/VMSA-2019-0014.html
CVE-2019-5535
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5535
CVE-2019-5535
https://nvd.nist.gov/vuln/detail/CVE-2019-5535
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 23, 2019