VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator
2020-11-20 11:39

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes.

Vulnerabilities in the ESXi hypervisor were exploited during a hacking competition.

CVE-2020-4004 affects various versions of ESXi, but also VMware Fusion, VMware Workstation Player and VMware Cloud Foundation.

The vulnerabilities are not deemed to be critical, as attackers need to be authenticated in order to exploit them.

Admins have been advised to upgrade their SD-WAN Orchestrator installations to version 4.0.1, 3.4.4, or 3.3.2 P3. Half of the vulnerabilities have been discovered and reported by Ariel Tempelhof of Realmode Labs, the other half by Christopher Schneider, Cory Billington and Nicholas Spagnola, penetration test analysts at State Farm.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/Xg4_Pzuqjjo/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-11-20 | CVE-2020-4004 | Use After Free vulnerability in VMware products | local, low complexity; vmware; CWE-416; 8.2

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller.

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591