VMware Security Advisory

VMSA-2020-0026 – ESXi, Workstation, and Fusion Vulnerabilities

VMware has released a new security advisory VMSA-2020-0026: VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005).

Multiple vulnerabilities in VMware ESXi, Workstation and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. This advisory documents the remediation of one critical issue and one important issue.

The Common Vulnerabilities and Exposures project has assigned the identifiers CVE-2020-4004 to the use-after-free vulnerability in XHCI USB controller and CVE-2020-4005 to the VMX elevation-of-privilege vulnerability.

Read More
VMware Security Advisory

VMSA-2020-0023 – VMware ESXi, Workstation, Fusion and NSX-T Vulnerabilities

VMware has released a new security advisory VMSA-2020-0023: VMware ESXi, Workstation, Fusion, NSX-T, and vCenter Server Appliance updates address multiple security vulnerabilities. VMware Cloud Foundation is also an impacted product.

ESXi OpenSLP remote code execution vulnerability (CVE-2020-3992)

OpenSLP as used in ESXi has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. If you can’t upgrade to the fixed version, as a workaround you can disable CIM server, documented in VMware KB 76372.

Affected products:

  • ESXi 7.0 – update to ESXi_7.0.1-0.0.16850804
  • ESXi 6.7 – update to ESXi670-202010401-SG
  • ESXi 6.5 – update to ESXi650-202010401-SG
  • VMware Cloud Foundation 4.x – update to 4.1
  • VMware Cloud Foundation 3.x – update to 3.10.1.1
Read More