CVSS: 8.2EPSS: 0%CPEs: 184EXPL: 0CVE-2020-4004
https://notcve.org/view.php?id=CVE-2020-4004
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. VMware ESXi (versiones 7.0 anteriores a ESXi70U1b-17168206, versiones 6.7 anteriores a ESXi670-202011101-SG, versiones 6.5 anteriores a ESXi650-202011301-SG), Workstation (versiones 15.x anteriores a 15.5.7), Fusion (versiones 11.x anteriores a 11.5.7), contienen una vulnerabilidad de uso de la memoria previamente liberada en el controlador USB XHCI. Un actor malicioso con privilegios administrativos locales en una máquina virtual puede explotar este problema para ejecutar código como el proceso VMX de la máquina virtual que se ejecuta en el host • https://www.vmware.com/security/advisories/VMSA-2020-0026.html • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 181EXPL: 0CVE-2020-4005
https://notcve.org/view.php?id=CVE-2020-4005
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004) VMware ESXi (versiones 7.0 anteriores a ESXi70U1b-17168206, versiones 6.7 anteriores a ESXi670-202011101-SG, versiones 6.5 anteriores a ESXi650-202011301-SG), contiene una vulnerabilidad de escalada de privilegios que se presenta en la manera en que son administradas determinadas llamadas del sistema. Un actor malicioso con privilegios dentro del proceso VMX únicamente, puede escalar sus privilegios en el sistema afectado. • https://www.vmware.com/security/advisories/VMSA-2020-0026.html •
CVSS: 5.3EPSS: 0%CPEs: 175EXPL: 0CVE-2020-3995
https://notcve.org/view.php?id=CVE-2020-3995
In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time. En VMware ESXi (versiones 6.7 anteriores a ESXi670-201908101-SG, versiones 6.5 anteriores a ESXi650-202007101-SG), Workstation (versiones 15.x anteriores a 15.1.0), Fusion (versiones 11.x anteriores a 11.1.0), los controladores del host VMCI utilizados por los hipervisores de VMware contienen una vulnerabilidad de filtrado de memoria. Un actor malicioso con acceso a una máquina virtual puede desencadenar un problema de filtrado de memoria que resulte en el agotamiento de los recursos de memoria en el hipervisor si el ataque se mantiene durante períodos prolongados • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 10.0EPSS: 44%CPEs: 224EXPL: 0CVE-2020-3992 – VMware ESXi OpenSLP Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-3992
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. OpenSLP como es usado en VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202010401-SG, versiones 6.5 anteriores a ESXi650-202010401-SG), presenta un problema de uso de la memoria previamente liberada. Un actor malicioso que reside en la red de administración y que tiene acceso al puerto 427 en una máquina ESXi puede desencadenar un uso de la memoria previamente liberada en el servicio OpenSLP resultando en una ejecución de código remota This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of SLP messages. • https://www.vmware.com/security/advisories/VMSA-2020-0023.html https://www.zerodayinitiative.com/advisories/ZDI-20-1377 https://www.zerodayinitiative.com/advisories/ZDI-20-1385 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 225EXPL: 0CVE-2020-3981 – VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3981
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202008101-SG, versiones 6.5 anteriores a ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x antes de 11.5.6), contienen una vulnerabilidad de lectura fuera de límites debido a un problema time-of-check time-of-use en el dispositivo ACPI. Un actor malicioso con acceso administrativo a una máquina virtual puede ser capaz de explotar este problema para filtrar la memoria del proceso vmx This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-125: Out-of-bounds Read CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •