Security News > 2020 > November > Patch for Critical VMware ESXi Vulnerability Incomplete
2020-11-04 16:02
VMware on Wednesday informed customers that it has released new patches for ESXi after learning that a fix made available last month for a critical vulnerability was incomplete.
VMware said the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the flaw.
VMware updated its initial advisory on Wednesday to inform customers that the patches had been incomplete.
New fixes have now been released for ESXi 6.5, 6.7 and 7.0, but patches are still pending for VMware Cloud Foundation, the hybrid cloud platform for managing virtual machines and orchestrating containers.
VMware failing to patch a vulnerability on the first try is not unheard of.
News URL
Related news
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged (source)
- Microsoft Fixes 72 Flaws, Including Patch for Actively Exploited CLFS Vulnerability (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- Critical OpenWrt Vulnerability Exposes Devices to Malicious Firmware Injection (source)
- BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356) (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools (source)