VMware has released a new security advisory: “VMSA-2017-0021 – VMware ESXi, vCenter Server Appliance, Workstation and Fusion updates address multiple security vulnerabilities”.
Among affected products, we find vCenter Server Appliance 6.5, ESXi (5.5, 6.0, and 6.5), Workstation 12.x, and Fusion 8.x.
VMSA-2017-0021 – ESXi, Workstation, and Fusion stack overflow via authenticated VNC session
CVE-2017-4941 – VMware ESXi, Workstation, and Fusion contain a vulnerability that could allow an authenticated VNC session to cause a stack overflow via a specific set of VNC packets. Successful exploitation results in remote code execution in a virtual machine via the authenticated VNC session. There are two prerequisites for a successful exploit: VNC must be manually enabled in the virtual machine’s .vmx configuration file, and ESXi must be configured to allow VNC traffic through the firewall.
Affected products and versions:
- ESXi 5.5 and 6.0 (install patches ESXi550-201709101-SG or ESXi600-201711101-SG)
- Workstation 12.x (upgrade to version 12.5.8)
- Fusion 8.x (upgrade to version 8.5.9)
VMSA-2017-0021 – ESXi, Workstation, and Fusion heap overflow via authenticated VNC session
CVE-2017-4933 – VMware ESXi, Workstation, and Fusion contain a vulnerability that could allow an authenticated VNC session to cause a heap overflow resulting in heap corruption. Successful exploitation results in remote code execution. There are two prerequisites for a successful exploit: VNC must be manually enabled in the virtual machine’s .vmx configuration file, and ESXi must be configured to allow VNC traffic through the firewall.
Affected products and versions:
- ESXi 6.5 (install patch ESXi650-201710401-BG)
- Workstation 12.x (upgrade to version 12.5.8)
- Fusion 8.x (upgrade to version 8.5.9)
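Both VNC issues (CVE-2017-4941 and CVE-2017-4933) require VNC to be enabled in a VM's .vmx file, so an inventory of which VMs have it switched on shows where patching matters most. The script below is an added example, not part of the VMware advisory: it assumes the standard .vmx keys `RemoteDisplay.vnc.enabled` and `RemoteDisplay.vnc.port` (not named in this post) and a default port of 5900 when none is set; the sample .vmx fragments are constructed.

```python
import re
import sys
from pathlib import Path

# One .vmx assignment: key = "value". Quotes are optional on hand-edited files;
# lines starting with '#' are comments and never match.
VMX_LINE = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"?(.*?)"?\s*$')

# Constructed sample fragments, used for the self-check in the test.
SAMPLE_VNC_ON = 'displayName = "web01"\nremotedisplay.vnc.ENABLED = "true"\nRemoteDisplay.vnc.port = "5901"\n'
SAMPLE_VNC_OFF = 'displayName = "db01"\n# RemoteDisplay.vnc.enabled = "TRUE"\nRemoteDisplay.vnc.enabled = "FALSE"\n'
SAMPLE_NO_PORT = 'RemoteDisplay.vnc.enabled = TRUE\n'

def parse_vmx(text):
    """Return .vmx settings as a dict with lower-cased keys (last assignment wins)."""
    settings = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def vnc_exposure(text):
    """Return None when VNC is off, else {'port': int or None} for the listener."""
    s = parse_vmx(text)
    if s.get("remotedisplay.vnc.enabled", "false").strip().lower() != "true":
        return None
    # Assumption: the listener uses 5900 when no port is configured.
    port = s.get("remotedisplay.vnc.port", "5900").strip()
    return {"port": int(port) if port.isdigit() else None}

def scan_tree(root):
    """Return [(path, exposure)] for every .vmx under root that has VNC enabled."""
    findings = []
    for vmx in sorted(Path(root).rglob("*.vmx")):
        info = vnc_exposure(vmx.read_text(errors="replace"))
        if info is not None:
            findings.append((str(vmx), info))
    return findings

if __name__ == "__main__":
    # Usage: python vnc_audit.py /vmfs/volumes   (or a Workstation/Fusion VM folder)
    for path, info in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"VNC enabled: {path} (port {info['port']})")
```

A VM reported here is only reachable over VNC on ESXi if the host firewall also allows the traffic, which is the second prerequisite named in the advisory.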
VMSA-2017-0021 – ESXi Host Client stored cross-site scripting vulnerability
CVE-2017-4940 – The ESXi Host Client has a vulnerability that may allow for stored cross-site scripting (XSS). By injecting JavaScript code, an attacker can exploit this vulnerability, resulting in code execution.
Affected products and versions:
- ESXi 6.5 (install patch ESXi650-201712103-SG)
- ESXi 6.0 (install patch ESXi600-201711103-SG)
- ESXi 5.5 (install patch ESXi550-201709102-SG)
VMSA-2017-0021 – Privilege escalation in vCenter Server Appliance (vCSA)
CVE-2017-4943 – VMware vCenter Server Appliance (vCSA) has a local privilege escalation vulnerability via the ‘showlog’ plugin. A low-privileged user can gain root-level privileges in the appliance operating system. This issue affects vCSA 6.5. To fix it, update to the newly released vCSA 6.5 Update 1d.
You can check reports on other VMware vulnerabilities on my page dedicated to Security Advisories.