Severity Rating: HIGH
Software Affected
· VMware ESXi versions 7.0, 6.7, 6.5
· VMware Workstation Pro / Player versions prior to 15.5.5
· VMware Fusion Pro / Fusion versions prior to 11.5.5
· VMware Cloud Foundation 4.x versions prior to 4.0.1
· VMware Cloud Foundation 3.x versions prior to 3.10.0.1
Overview
Multiple vulnerabilities have been reported in VMware products which could
allow an attacker with local access to a virtual machine to execute
arbitrary code, cause denial of service conditions or access sensitive
information on a targeted hypervisor system.
Description
These vulnerabilities exist in VMware products due to use-after-free,
heap-overflow, off-by-one heap-overflow, out-of-bounds read, out-of-bounds
write, heap-overflow due to a race condition, and other errors in the SVGA
device, shader functionality, EHCI controller, xHCI controller, xHCI USB
controller, EHCI USB controller, PVNVRAM and vmxnet3 components.
Successful exploitation of these vulnerabilities could allow an attacker
with local access to a virtual machine to execute arbitrary code, cause
denial of service conditions or access sensitive information on the
targeted hypervisor system.
Solution
Apply the appropriate patches or workarounds as mentioned in the VMware advisory.
Vendor Information
VMware
References
CyberSecurityHelp
CVE Name
CVE-2020-3962
CVE-2020-3963
CVE-2020-3964
CVE-2020-3965
CVE-2020-3966
CVE-2020-3967
CVE-2020-3968
CVE-2020-3969
CVE-2020-3970
CVE-2020-3971