CERT-In Advisory: vmware

Showing posts with label vmware. Show all posts

Fwd: [CIVN-2020-0194] Multiple Vulnerabilities in VMware vRealize Operations Application Remote Collector (ARC)

Ajay Verma authentication bypass , CVE-2020-11651 , CVE-2020-11652 , path traversal , risk high , vmware , vrealisze , vulnerability 01:59

Severity Rating: HIGH

Software Affected

•VMware Application Remote Collector (ARC) version 7.5.0

•VMware Application Remote Collector (ARC) version 8.0.x

•VMware Application Remote Collector (ARC) version 8.1.0

Overview

Multiple vulnerabilities have been reported in VMware vRealize Operations

Application Remote Collector (ARC) which could allow a remote attacker to

bypass authentication and gain access to file system on the targeted

system.

Description

1. Authentication Bypass Vulnerability in VMware vRealize Operations

Application Remote Collector (ARC) ( CVE-2020-11651 )

This vulnerability exists in VMware vRealize Operations Application Remote

Collector (ARC) when the salt-master process ClearFuncs class does not

properly validate method calls. A remote attacker could exploit this

vulnerability by executing arbitrary code on the affected systems.

Successful exploitation of this vulnerability could allow a remote attacker

with network access to port 4505 or 4506 on the ARC to take control of the

ARC and any Virtual Machines.

2. Directory Traversal Vulnerability in VMware vRealize Operations

Application Remote Collector (ARC) ( CVE-2020-11652 )

This vulnerability exists in VMware vRealize Operations Application Remote

Collector (ARC) when the salt-master process ClearFuncs class allows access

to improperly sanitize paths of some methods. A remote attacker could

exploit this vulnerability by executing arbitrary code on the affected

systems.

Successful exploitation of this vulnerability could allow a remote attacker

with network access to port 4505 or 4506 on the ARC to access the entirety

of the ARC file system.

Solution

Apply appropriate fix as mentioned in VMwares Security Advisory:

https://www.vmware.com/security/advisories/VMSA-2020-0009.html

Vendor Information

VMware

https://www.vmware.com/security/advisories/VMSA-2020-0009.html

References

VMware

https://www.vmware.com/security/advisories/VMSA-2020-0009.html

CVE Name

CVE-2020-11651

CVE-2020-11652

Fwd: [CIVN-2020-0216] Multiple Vulnerabilities in VMware

Ajay Verma CVE-2020-3957 , CVE-2020-3958 , CVE-2020-3959 , denial of service , privilege escalation , risk high , vmware 01:12

Severity Rating: High

Software Affected

· VMware ESXi 6.5, 6.7, 7.0

· VMware Workstation Pro / Player (Workstation) prior to 15.5.2

· VMware Fusion Pro / Fusion (Fusion) prior to 11.5.5

· VMware Remote Console for Mac (VMRC for Mac) 11.x and prior

· VMware Horizon Client for Mac 5.x and prior

Overview

These vulnerabilities have been reported in VMware that could allow a

remote attacker to escalate their privileges to root and non-administrative

access to a virtual machine to crash virtual machine's vmx on the targeted

system.

Description

1. Privilege Escalation Vulnerability (CVE-2020-3957)

This vulnerability exists in VMware core due to a Time-of-check Time-of-use

(TOCTOU) issue in the service opener. Successful exploitation of this

Vulnerability could allow the attackers with normal user privileges to

escalate their privileges to root on the targeted system .

2. Denial-of-service Vulnerability (CVE-2020-3958)

This vulnerability exists in VMware due to reachable assertion in the

shader functionality. A remote attacker could exploit this vulnerability by

pass a malformed pixel shader (inside VMware guest OS) and perform a denial

of service (DoS) attack due a panic condition in the vmware-vmx.exe process

on host.

Successful exploitation of this issue may allow attackers with

non-administrative access to a virtual machine to crash the virtual

machine's vmx process leading to a denial of service condition.

3. Memory leak Vulnerability (CVE-2020-3959)

This vulnerability exists in VMware due to memory leak in the VMCI module.

An attacker could exploit this vulnerability by gaining local

non-administrative access to a virtual machine.

Successful exploitation of this Vulnerability could allow the attacker to

crash the virtual machine's vmx process leading to a partial denial of

service on the targeted system.

Solution

Apply appropriate fixes as issued by vendor in:

https://www.vmware.com/security/advisories/VMSA-2020-0011.html

Vendor Information

VMware

https://www.vmware.com/security/advisories/VMSA-2020-0011.html

Reference

VMware

https://www.vmware.com/security/advisories/VMSA-2020-0011.html

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-3957

https://nvd.nist.gov/vuln/detail/CVE-2020-3958

https://nvd.nist.gov/vuln/detail/CVE-2020-3959

CVE Name

CVE-2020-3957

CVE-2020-3958

CVE-2020-3959

Subscribe to: Posts ( Atom )

Fwd: [CIVN-2020-0194] Multiple Vulnerabilities in VMware vRealize Operations Application Remote Collector (ARC)

Fwd: [CIVN-2020-0216] Multiple Vulnerabilities in VMware

Popular Posts

Facebook

Blog Archive