Security Alert (A20-06-10): Multiple Vulnerabilities in VMware Products


 

Published on: 24 June 2020

  
  

Description:

VMware has published a security advisory to address multiple vulnerabilities in VMware products. The list of security updates can be found at:

https://www.vmware.com/security/advisories/VMSA-2020-0015.html

 

Affected Systems:

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could result in arbitrary code execution, information leakage, or denial of service on the hypervisor from a guest virtual machine.

 

Recommendation:

The product vendor has released new versions, as well as workarounds, to address the issues at the vendor's website:

  • VMware ESXi 6.5, 6.7, 7.0
    https://my.vmware.com/group/vmware/patch

  • VMware Fusion 11.5.5
    https://www.vmware.com/go/downloadfusion

  • VMware Workstation Pro 15.5.5
    https://www.vmware.com/go/downloadworkstation

  • VMware Workstation Player 15.5.5
    https://www.vmware.com/go/downloadplayer

  • VMware Cloud Foundation 3.7.2
    https://docs.vmware.com/en/VMware-Cloud-Foundation/3.7.2/rn/VMware-Cloud-Foundation-372-Release-Notes.html

  • VMware Cloud Foundation
    https://docs.vmware.com/en/VMware-Cloud-Foundation/3.10/rn/VMware-Cloud-Foundation-310-Release-Notes.html

System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://www.vmware.com/security/advisories/VMSA-2020-0015.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3971

 



Tag: VMware , ESXi , VMware Workstation , VMware Fusion , VMware Cloud Foundation
Tags