CVSS: 10.0EPSS: 44%CPEs: 224EXPL: 0CVE-2020-3992 – VMware ESXi OpenSLP Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2020-3992
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. OpenSLP como es usado en VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202010401-SG, versiones 6.5 anteriores a ESXi650-202010401-SG), presenta un problema de uso de la memoria previamente liberada. Un actor malicioso que reside en la red de administración y que tiene acceso al puerto 427 en una máquina ESXi puede desencadenar un uso de la memoria previamente liberada en el servicio OpenSLP resultando en una ejecución de código remota This vulnerability allows local attackers to escalate privileges on affected installations of VMware ESXi. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of SLP messages. • https://www.vmware.com/security/advisories/VMSA-2020-0023.html https://www.zerodayinitiative.com/advisories/ZDI-20-1377 https://www.zerodayinitiative.com/advisories/ZDI-20-1385 • CWE-416: Use After Free •
CVSS: 6.0EPSS: 0%CPEs: 225EXPL: 0CVE-2020-3981 – VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-3981
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202008101-SG, versiones 6.5 anteriores a ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x antes de 11.5.6), contienen una vulnerabilidad de lectura fuera de límites debido a un problema time-of-check time-of-use en el dispositivo ACPI. Un actor malicioso con acceso administrativo a una máquina virtual puede ser capaz de explotar este problema para filtrar la memoria del proceso vmx This vulnerability allows local attackers to disclose sensitive information on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-125: Out-of-bounds Read CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.2EPSS: 0%CPEs: 226EXPL: 0CVE-2020-3982 – VMware Workstation BDOOR_CMD_PATCH_ACPI_TABLES Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3982
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.1-0.0.16850804, versiones 6.7 anteriores a ESXi670-202008101-SG, versiones 6.5 anteriores a ESXi650-202007101-SG), Workstation (versiones 15.x), Fusion (versiones 11.x anteriores a de 11.5.6), contienen una vulnerabilidad de escritura fuera de límites debido a un problema time-of-check time-of-use en el dispositivo ACPI. Un actor malicioso con acceso administrativo a una máquina virtual puede ser capaz de explotar esta vulnerabilidad para bloquear el proceso vmx de la máquina virtual o corromper la pila de la memoria del hipervisor This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. • https://www.vmware.com/security/advisories/VMSA-2020-0023.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3991
https://notcve.org/view.php?id=CVE-2020-3991
VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed. VMware Horizon Client para Windows (versiones 5.x anteriores a 5.5.0) contiene una vulnerabilidad de denegación de servicio debido a un problema de control de acceso del sistema de archivos durante el tiempo de instalación. Una explotación con éxito de este problema puede permitir a un atacante sobrescribir determinados archivos con privilegios de administrador por medio de un ataque de enlace simbólico en el momento de la instalación. • https://www.vmware.com/security/advisories/VMSA-2020-0022.html •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-3977
https://notcve.org/view.php?id=CVE-2020-3977
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS. VMware Horizon DaaS (versiones 7.x y versiones 8.x anteriores a 8.0.1 Update 1), contiene una vulnerabilidad de autenticación rota debido a un fallo en la manera en que manejaba la autenticación del primer factor. Una explotación con éxito de este problema puede permitir a un atacante omitir el proceso de autenticación de dos factores. • https://www.vmware.com/security/advisories/VMSA-2020-0021.html • CWE-306: Missing Authentication for Critical Function •