Security News > 2020 > November > VMware Issues Updated Fix For Critical ESXi Flaw

VMware Issues Updated Fix For Critical ESXi Flaw
2020-11-04 16:17

VMware issued an updated fix for a critical-severity remote code execution flaw in its ESXi hypervisor products.

"Updated patch versions in the response matrix of section 3a after release of ESXi patches that completed the incomplete fix for CVE-2020-3992 on 2020-11-04," said Oracle's updated advisory.

The flaw exists in the OpenSLP feature of VMware ESXi.

While before the advisory said the flaw affects ESXi versions 6.5, 6.7 and 7.0; affected products have now been updated to include ESXi implementations on the VMware Cloud Foundation 3.x and 4.x. VMware Cloud Foundation is the hybrid cloud platform for managing VMs and orchestrating containers, built on full-stack hyperconverged infrastructure technology.

While ESXi users can update to fixed versions ESXi70U1a-17119627, ESXi670-202011301-SG and ESXi650-202011401-SG, a patch is still "Pending" for affected VMware Cloud Foundation versions.


News URL

https://threatpost.com/vmware-updated-fix-critical-esxi-flaw/160944/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-10-20 CVE-2020-3992 Use After Free vulnerability in VMWare Esxi 6.5/6.7
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue.
network
low complexity
vmware CWE-416
critical
 10.0
10

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 83 403 198 101 785