CVE-2019-5540

HIGH

VMware Workstation 15.0.0-15.5.0 and Fusion 11.0.0-11.5.0 - Information Disclosure via vmnetdhcp Memory Leak

Title source: llm
STIX 2.1

Description

VMware Workstation (15.x before 15.5.1) and Fusion (11.x before 11.5.1) contain an information disclosure vulnerability in vmnetdhcp. Successful exploitation of this issue may allow an attacker on a guest VM to disclose sensitive information by leaking memory from the host process.

References (1)

Core 1
Core References
Patch, Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2019-0021.html

Scores

CVSS v3 7.7
EPSS 0.0022
EPSS Percentile 44.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Details

CWE
CWE-401
Status published
Products (2)
vmware/fusion 11.0.0 - 11.5.1
vmware/workstation 15.0.0 - 15.5.1
Published Nov 20, 2019
Tracked Since Feb 18, 2026