Security News > 2020 > October > VMware Patches Critical Code Execution Vulnerability in ESXi
VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.
VMware pointed out that the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the vulnerability.
The security hole has been patched in ESXi and VMware Cloud Foundation, the hybrid cloud platform designed by VMware for managing virtual machines and orchestrating containers.
Researcher Reno Robert informed VMware via ZDI that ESXi, Fusion and Workstation are affected by out-of-bounds read and out-of-bounds write bugs that can allow an attacker who has admin access to a VM to obtain information, escalate privileges and execute arbitrary code.
Thorsten Tüllmann of the Karlsruhe Institute of Technology informed VMware about a high-severity vulnerability in vCenter Server that can be exploited to hijack sessions.
News URL
Related news
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution (source)
- Critical flaws in Mongoose library expose MongoDB to data thieves, code execution (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking (source)
- IBM scores perfect 10 ... vulnerability in mission-critical OS AIX (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks (source)