VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x prior to 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware esxi 7.0.0 |
||
vmware esxi 6.7 |
||
vmware esxi 6.5 |
||
vmware cloud foundation |
||
vmware workstation |
||
vmware workstation player |
||
vmware fusion |
Adobe issues out-of-band patches, too, for Photoshop, Illustrator, InDesign, After Effects, etc Cisco warns VMware code bug can leave hyperconverged tin ‘unrecoverable’
Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software. In an advisory published this morning, VMware revealed six vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and NSX-T products. CVE-2020-3992, which tops the list with a 9.8 out of 10 CVSS severity rating, is a use-after-free vuln in the ESXi hypervisor that can be exploited via the network to run malicious code on the target host. The IT giant said: “A mal...