VMware patches, among other things, ESXi flaw that can be abused by miscreants on the network to hijack hosts
2020-10-20 20:14

Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software.

In an advisory published this morning, VMware revealed six vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and NSX-T products.

CVE-2020-3992, which tops the list with a 9.8 out of 10 CVSS severity rating, is a use-after-free vuln in the ESXi hypervisor that can be exploited via the network to run malicious code on the target host.

Two of the other vulns affect Workstation and can be exploited by an admin user in a guest virtual machine to crash or disrupt the underlying host hypervisor.

The Netherlands' National Cyber Security Centre reckoned that the potential damage caused through exploiting the vulns would be "Medium."


News URL

https://go.theregister.com/feed/www.theregister.com/2020/10/20/vmware_adobe_critical_cve_patches/

Related Vulnerability

Date: 2020-10-20
CVE: CVE-2020-3992
Vulnerability title: Use After Free vulnerability in VMware ESXi 6.5/6.7
Description: OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue.
Attack vector: network
Attack complexity: low
Vendor: vmware
CWE: CWE-416
Risk: critical (9.8)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591