Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_VMSA-2020-0011.NASL
HistoryJun 02, 2020 - 12:00 a.m.

VMSA-2020-0011 : VMware ESXi updates address multiple security vulnerabilities

2020-06-0200:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
43

4.5 Medium

AI Score

Confidence

High

JSON

b. Denial-of-service vulnerability in Shader functionality (CVE-2020-3958)

Description :
VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability in the shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. It is not enabled by default on ESXi.

Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine’s vmx process leading to a denial of service condition.

c. Memory leak vulnerability in VMCI module (CVE-2020-3959) Description :

VMware ESXi, Workstation and Fusion contain a memory leak vulnerability in the VMCI module.
A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine’s vmx process leading to a partial denial of service.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from VMware Security Advisory 2020-0011. 
# The text itself is copyright (C) VMware Inc.
#

include('compat.inc');

if (description)
{
  script_id(137047);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");

  script_cve_id("CVE-2020-3958", "CVE-2020-3959");
  script_xref(name:"VMSA", value:"2020-0011");
  script_xref(name:"IAVA", value:"2020-A-0234");

  script_name(english:"VMSA-2020-0011 : VMware ESXi updates address multiple security vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESXi host is missing one or more security-related
patches.");
  script_set_attribute(attribute:"description", value:
"b. Denial-of-service vulnerability in Shader functionality (CVE-2020-3958)

Description :
VMware ESXi, Workstation and Fusion contain a denial-of-service
vulnerability in the shader functionality. Exploitation of this issue
requires an attacker to have access to a virtual machine with 3D
graphics enabled. It is not enabled by default on ESXi.

Successful exploitation of this issue may allow attackers with
non-administrative access to a virtual machine to crash the virtual
machine's vmx process leading to a denial of service condition.

c. Memory leak vulnerability in VMCI module (CVE-2020-3959)
Description :

VMware ESXi, Workstation and Fusion contain a memory leak
vulnerability in the VMCI module.
 
A malicious actor with local non-administrative access to a virtual
machine may be able to crash the virtual machine's vmx process leading
to a partial denial of service.");
  script_set_attribute(attribute:"see_also", value:"http://lists.vmware.com/pipermail/security-announce/2020/000496.html");
  script_set_attribute(attribute:"solution", value:
"Apply the missing patches.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-3959");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-3958");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:6.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi:6.7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"VMware ESX Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/VMware/release", "Host/VMware/version");
  script_require_ports("Host/VMware/esxupdate", "Host/VMware/esxcli_software_vibs");

  exit(0);
}


include("audit.inc");
include("vmware_esx_packages.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/VMware/release")) audit(AUDIT_OS_NOT, "VMware ESX / ESXi");
if (
  !get_kb_item("Host/VMware/esxcli_software_vibs") &&
  !get_kb_item("Host/VMware/esxupdate")
) audit(AUDIT_PACKAGE_LIST_MISSING);


init_esx_check(date:"2020-05-28");
flag = 0;


if (esx_check(ver:"ESXi 6.5", vib:"VMware:esx-base:6.5.0-3.126.16207673")) flag++;
if (esx_check(ver:"ESXi 6.5", vib:"VMware:esx-tboot:6.5.0-3.126.16207673")) flag++;
if (esx_check(ver:"ESXi 6.5", vib:"VMware:vsan:6.5.0-3.126.15965595")) flag++;
if (esx_check(ver:"ESXi 6.5", vib:"VMware:vsanhealth:6.5.0-3.126.15965596")) flag++;

if (esx_check(ver:"ESXi 6.7", vib:"VMware:esx-base:6.7.0-3.99.15999342")) flag++;
if (esx_check(ver:"ESXi 6.7", vib:"VMware:esx-update:6.7.0-3.99.15999342")) flag++;
if (esx_check(ver:"ESXi 6.7", vib:"VMware:vsan:6.7.0-3.99.15853015")) flag++;
if (esx_check(ver:"ESXi 6.7", vib:"VMware:vsanhealth:6.7.0-3.99.15853016")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:esx_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
vmwareesxi6.5cpe:/o:vmware:esxi:6.5
vmwareesxi6.7cpe:/o:vmware:esxi:6.7

Related

kaspersky 1
nessus 2
vmware 2
prion 2
talos 1
cvelist 2
ibm 1
cve 2
kaspersky
kaspersky
KLA12096 Multiple vulnerabilities in VMware Workstation and Player
2020-05-28 00:00:00
nessus
nessus
VMware Workstation 15.x < 15.1.0 / 15.x < 15.5.2 Multiple Vulnerabilities (VMSA-2020-0011)
2020-06-03 00:00:00
VMware Fusion 11.x < 11.5.5 Multiple Vulnerabilities (VMSA-2020-0011)
2020-06-03 00:00:00
vmware
vmware
VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3957, CVE-2020-3958, CVE-2020-3959)
2020-05-28 00:00:00
VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3957, CVE-2020-3958, CVE-2020-3959)
2020-05-28 00:00:00
prion
prion
Race condition
2020-05-29 20:15:00
Memory corruption
2020-05-29 20:15:00
talos
talos
VMware Workstation 15 shader functionality round_ni denial of service vulnerability
2020-06-01 00:00:00
cvelist
cvelist
CVE-2020-3959
2020-05-29 19:49:35
CVE-2020-3958
2020-05-29 19:42:41
ibm
ibm
Security Bulletin: IBM Cloud Pak System is affected by a vulnerability in VMware component
2020-09-30 23:52:24
cve
cve
CVE-2020-3959
2020-05-29 20:15:00
CVE-2020-3958
2020-05-29 20:15:00

4.5 Medium

AI Score

Confidence

High

JSON
Related for VMWARE_VMSA-2020-0011.NASL
kaspersky1nessus2vmware2prion2talos1cvelist2ibm1cve2