VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator
VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes.
Vulnerabilities in ESXi hypervisor exploited during a hacking competition.
CVE-2020-4004 affects various versions of ESXi, but also VMware Fusion, VMware Workstation Player and VMware Cloud Foundation.
The vulnerabilities are not deemed to be critical, as attackers need to be authenticated in order to exploit them.
Admins have been advised to upgrade their SD-WAN Orchestrator installations to version 4.0.1, 3.4.4, or 3.3.2 P3. Half of the vulnerabilities have been discovered and reported by Ariel Tempelhof of Realmode Labs, the other half by Christopher Schneider, Cory Billington and Nicholas Spagnola, penetration test analysts at State Farm.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/Xg4_Pzuqjjo/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-20 | CVE-2020-4004 | Use After Free vulnerability in VMware products: VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. | 4.6 |