Security Alert (A20-10-05): Multiple Vulnerabilities in VMware Products


 

Published on: 21 October 2020

  
  

Description:

VMware has published a security advisory to address multiple vulnerabilities in VMware products. The list of security updates can be found at:

https://www.vmware.com/security/advisories/VMSA-2020-0023.html

 

Affected Systems:

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • NSX-T
  • VMware Cloud Foundation

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could result in arbitrary code execution, information leakage, man-in-the-middle attack, session hijacking or system crash on the affected system.

 

Recommendation:

Patches for affected products are available.  System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

https://www.vmware.com/security/advisories/VMSA-2020-0023.html
https://www.hkcert.org/my_url/en/alert/20102102
https://us-cert.cisa.gov/ncas/current-activity/2020/10/20/vmware-releases-security-updates-multiple-products
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3992 (to CVE-2020-3995)

 



Tag: VMware , ESXi , VMware Workstation , VMware Fusion , NSX-T , VMware Cloud Foundation
Tags