
VMware Security Advisory, October 2020 [VMSA-2020-0023]

VMware has published security advisory VMSA-2020-0023 addressing vulnerabilities in VMware ESXi, Workstation, Fusion, NSX-T, and Cloud Foundation.

Overview

In total, six vulnerabilities are addressed: one critical, four important, and one moderate.

CVE-2020-3992 is a use-after-free vulnerability in ESXi OpenSLP that could allow for remote code execution.

CVE-2020-3993 is a man-in-the-middle (MITM) vulnerability in VMware NSX-T that could allow an attacker to compromise the transport node.

CVE-2020-3981 is an out-of-bounds read vulnerability affecting VMware ESXi, Workstation and Fusion that could allow a malicious actor with administrative access to a virtual machine to leak memory.

CVE-2020-3982 is an out-of-bounds write vulnerability affecting VMware ESXi, Workstation and Fusion that could allow a malicious actor with administrative access to a virtual machine to crash the vmx process or corrupt the hypervisor’s memory heap.

CVE-2020-3994 is a session hijack vulnerability in VMware vCenter Server caused by a lack of certificate validation in the vCenter Server Appliance Management Interface update function.

CVE-2020-3995 is a memory leak vulnerability in the VMCI host drivers that could allow an attacker to cause memory resource exhaustion.

VMware's advisory provides patching and mitigation advice for each of these vulnerabilities, which we recommend reviewing and implementing as soon as possible.

Reference

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.
