7 matches found
ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2020-0026)
According to its self-reported version number, the remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities. - A use-after-free error exists in the XHCI USB controller. An unauthenticated, local attacker with local administrative privileges on a virtual machi...
VMSA-2020-0026 : VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities
a. Use-after-free vulnerability in XHCI USB controller CVE-2020-4004 VMware ESXi contains a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machines VMX proce...
CVE-2020-4005
creationtimestamp| type| source ---|---|--- 2020-11-20 22:43:03+00:00| seen| https://t.me/cibsecurity/16681 2020-11-23 12:28:43+00:00| seen| https://t.me/CyberGovIL/946 2020-11-23 12:30:01+00:00| seen|...
VMware Fixes Critical Flaw in ESXi Hypervisor
VMware has hurried out fixes for a critical flaw in its ESXi hypervisor, a few weeks after it was found during China’s Tianfu Cup hacking competition. The use-after-free vulnerability CVE-2020-4004 has a CVSS score of 9.3 out of 10, making it critical. It exists in the eXtensible Host Controller...
CVE-2020-4005
VMware ESXi 7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate thei...
CVE-2020-4005
CVE-2020-4005 affects VMware ESXi 7.0 (before ESXi70U1b-17168206), 6.7 (before ESXi670-202011101-SG), and 6.5 (before ESXi650-202011301-SG). The issue is a privilege-escalation flaw in how certain system calls are managed, allowing a malicious actor with privileges inside the VMX process to escal...
VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005)
3a. Use-after-free vulnerability in XHCI USB controller CVE-2020-4004 VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9....