Security News > 2020 > October > VMware Patches Critical Code Execution Vulnerability in ESXi
VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.
VMware pointed out that the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the vulnerability.
The security hole has been patched in ESXi and VMware Cloud Foundation, the hybrid cloud platform designed by VMware for managing virtual machines and orchestrating containers.
Researcher Reno Robert informed VMware via ZDI that ESXi, Fusion and Workstation are affected by out-of-bounds read and out-of-bounds write bugs that can allow an attacker who has admin access to a VM to obtain information, escalate privileges and execute arbitrary code.
Thorsten Tüllmann of the Karlsruhe Institute of Technology informed VMware about a high-severity vulnerability in vCenter Server that can be exploited to hijack sessions.
News URL
Related news
- Researchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution (source)
- Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection (source)
- Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw (source)
- Ransomware gang uses SSH tunnels for stealthy VMware ESXi access (source)
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- Critical flaws in Mongoose library expose MongoDB to data thieves, code execution (source)