Patch/Configuration Management, Vulnerability Management

VMware issues critical-rated security updates

VMware has issued updates to fix two security issues the company rated as critical, one of which could lead to a remote session hijacking if exploited.

The hijacking issue, CVE-2019-5523, affects VMware vCloud Director for Service Providers; the update resolves a remote session hijack vulnerability in the Tenant and Provider Portals. An attacker could access the Tenant or Provider Portals by impersonating a currently logged-in session.

The advisory covered multiple issues (CVE-2019-5514, CVE-2019-5515, CVE-2019-5518, CVE-2019-5519, CVE-2019-5524) in VMware vSphere ESXi, VMware Workstation Pro / Player and VMware Fusion Pro/Fusion. These products contain out-of-bounds read/write vulnerabilities and a time-of-check time-of-use (TOCTOU) vulnerability in the virtual USB 1.1 UHCI (Universal Host Controller Interface). To exploit these flaws an attacker has to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host.

In addition, VMware Fusion contains a security vulnerability caused by certain unauthenticated APIs being accessible through a web socket. This can be exploited by tricking the host user into executing JavaScript that performs unauthorized functions on a guest machine where VMware Tools is installed. This may further be exploited to execute commands on the guest machines.

Patches are available for all issues.

VMware issued security advisories in mid-March for VMware Workstation Pro/Player and VMware Horizon.
