VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.
The critical vulnerability, identified as CVE-2020-3992, has been described as a use-after-free issue that affects the OpenSLP service in ESXi.
The vulnerability was reported to VMware on July 22 by Lucas Leong of Trend Micro’s Zero Day Initiative (ZDI). In its own advisory, ZDI said the vulnerability may be exploited by a remote, unauthenticated attacker to execute arbitrary code.
“The specific flaw exists within the processing of SLP messages. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the SLP daemon,” ZDI said.
However, VMware pointed out that the attacker needs to be on the management network and have access to port 427 on an ESXi machine in order to exploit the vulnerability.
The security hole has been patched in ESXi and VMware Cloud Foundation, the hybrid cloud platform designed by VMware for managing virtual machines and orchestrating containers.
In NSX-T, VMware patched a high-severity weakness, CVE-2020-3993, which is related to how a KVM host is allowed to download and install packages from the NSX manager. An MitM attacker may be able to exploit it to compromise transport nodes.
Researcher Reno Robert informed VMware through ZDI that ESXi, Fusion and Workstation are affected by out-of-bounds read and out-of-bounds write bugs that can allow an attacker who has admin access to a VM to obtain information, escalate privileges and execute arbitrary code.
“The specific flaw exists within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. The issue results from the lack of proper locking when performing operations on an object,” ZDI wrote in its advisories for both issues.
The same VMware products are also impacted by a memory leak issue that exists in the VMCI host drivers and which can allow an attacker with access to a VM to cause a DoS condition.
Thorsten Tüllmann of the Karlsruhe Institute of Technology informed VMware about a high-severity vulnerability in vCenter Server that can be exploited to hijack sessions. The flaw is tracked as CVE-2020-3994.
“A malicious actor with network positioning between vCenter Server and an update repository may be able to perform a session hijack when the vCenter Server Appliance Management Interface is used to download vCenter updates,” VMware explained.