VMware Patches Critical Code Execution Vulnerability in ESXi
VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.
VMware pointed out that the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the vulnerability.
The security hole has been patched in ESXi and VMware Cloud Foundation, the hybrid cloud platform designed by VMware for managing virtual machines and orchestrating containers.
Researcher Reno Robert informed VMware via ZDI that ESXi, Fusion and Workstation are affected by out-of-bounds read and out-of-bounds write bugs that can allow an attacker who has admin access to a VM to obtain information, escalate privileges and execute arbitrary code.
Thorsten Tüllmann of the Karlsruhe Institute of Technology informed VMware about a high-severity vulnerability in vCenter Server that can be exploited to hijack sessions.