Security Alert (A19-03-08): Multiple Vulnerabilities in VMware Products
29 March 2019
VMware has published a security advisory to address out-of-bounds vulnerability, Time-of-check Time-of-use vulnerability and unauthenticated APIs security vulnerability in virtual USB 1.1 UHCI (Universal Host Controller Interface), virtual network adapters and VMware Tools.
VMware vSphere ESXi version 6.0, 6.5, 6.7
VMware Workstation version 14.x and 15.x
VMware Fusion version 10.x and 11.x
Successful exploitation of the vulnerabilities could allow a guest to execute code on the host or a host user to perform unauthorised functions on the guest virtual machine.
The product vendor has released new versions to address the issues at the following website: