VMware Releases Security Advisory Identifying Vulnerabilities
by Michael Trantas
Senior Solutions Architect
VMware recently released a security advisory (Advisory ID: VMSA-2020-0023) that identifies and addresses six vulnerabilities that affect multiple VMware products. In each case, these vulnerabilities could allow an attacker to remotely take control of an affected system.
Several of these vulnerabilities are considered “Critical” and Helient encourages anyone running VMware ESXi 6.5, 6.7 or 7.0 to apply the recommended workarounds and fixes as soon as possible. These fixes should also be applied to any environment running either VMware Workstation Pro/Player (Workstation), VMware Fusion Pro/Fusion, NSX-T or VMware Cloud Foundation.
- CVE-2020-3992 is a use-after-free vulnerability in ESXi OpenSLP that could allow for remote code execution.
- CVE-2020-3993 is a man-in-the-middle (MIITM) vulnerability in VMware NSX-T that could allow an attacker to compromise the transport node.
- CVE-2020-3981 is an out-of-bounds read vulnerability affecting VMware ESXi, Workstation and Fusion that could allow a malicious actor with administrative access to a virtual machine to leak memory.
- CVE-2020-3982 is an out-of-bounds write vulnerability affecting VMware ESXi, Workstation and Fusion that could allow a malicious actor with administrative access to a virtual machine to crash the vmx process or corrupt the hypervisor’s memory heap.
- CVE-2020-3994 is a session hijack vulnerability in VMware vCenter Server caused by a lack of certificate validation in the vCenter Server Appliance Management Interface update function.
- CVE-2020-3995 is a memory leak vulnerability in the VMCI host drivers that could allow an attacker to cause a memory resource exhaustion. VMware’s advisory provides patching and mitigation advice for each of these vulnerabilities, which we recommend reviewing and implementing as soon as possible.
Helient strongly recommends that thorough testing be performed prior to rolling out any fix to production systems. If you or your firm require any technical assistance, contact Helient’s experts via firstname.lastname@example.org.