Security News > 2020 > October > VMware Patches Critical Code Execution Vulnerability in ESXi

VMware Patches Critical Code Execution Vulnerability in ESXi
2020-10-21 14:45

VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.

VMware pointed out that the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the vulnerability.

The security hole has been patched in ESXi and VMware Cloud Foundation, the hybrid cloud platform designed by VMware for managing virtual machines and orchestrating containers.

Researcher Reno Robert informed VMware via ZDI that ESXi, Fusion and Workstation are affected by out-of-bounds read and out-of-bounds write bugs that can allow an attacker who has admin access to a VM to obtain information, escalate privileges and execute arbitrary code.

Thorsten Tüllmann of the Karlsruhe Institute of Technology informed VMware about a high-severity vulnerability in vCenter Server that can be exploited to hijack sessions.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/QIKvfsUqS4I/vmware-patches-critical-code-execution-vulnerability-esxi

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 85 404 200 101 790