Security News > 2020 > October > VMware Patches Critical Code Execution Vulnerability in ESXi
VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.
VMware pointed out that the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the vulnerability.
The security hole has been patched in ESXi and VMware Cloud Foundation, the hybrid cloud platform designed by VMware for managing virtual machines and orchestrating containers.
Researcher Reno Robert informed VMware via ZDI that ESXi, Fusion and Workstation are affected by out-of-bounds read and out-of-bounds write bugs that can allow an attacker who has admin access to a VM to obtain information, escalate privileges and execute arbitrary code.
Thorsten Tüllmann of the Karlsruhe Institute of Technology informed VMware about a high-severity vulnerability in vCenter Server that can be exploited to hijack sessions.
News URL
Related news
- VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications (source)
- Experts Warn of Critical Unpatched Vulnerability in Linear eMerge E3 Systems (source)
- New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution (source)
- Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware (source)
- Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk (source)
- Fortinet releases patches for undisclosed critical FortiManager vulnerability (source)