cve/2019/CVE-2019-5519.md

### [CVE-2019-5519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5519)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20ESXi%2C%20Workstation%2C%20Fusion&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Time-of-check%20Time-of-use%20(TOCTOU)%20vulnerability&color=brighgreen)

### Description

VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

### POC

#### Reference
- http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html
- http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html

#### Github
- https://github.com/ARPSyndicate/cvemon
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-5519](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5519)`
			`![](https://img.shields.io/static/v1?label=Product&message=VMware%20ESXi%2C%20Workstation%2C%20Fusion&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Time-of-check%20Time-of-use%20(TOCTOU)%20vulnerability&color=brighgreen)`

			`### Description`

			VMware ESXi (6.7 before ESXi670-201903001, 6.5 before ESXi650-201903001, 6.0 before ESXi600-201903001), Workstation (15.x before 15.0.4, 14.x before 14.1.7), Fusion (11.x before 11.0.3, 10.x before 10.1.6) contain a Time-of-check Time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). Exploitation of this issue requires an attacker to have access to a virtual machine with a virtual USB controller present. This issue may allow a guest to execute code on the host.

			`### POC`

			`#### Reference`
			`- http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- http://packetstormsecurity.com/files/152290/VMware-Security-Advisory-2019-0005.html`
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00
			`#### Github`
			`- https://github.com/ARPSyndicate/cvemon`