
VMware Vulnerability affecting VMware ESXi, Workstation, Fusion, and Cloud Foundation

Jeff Silverman


VMware recently announced the vulnerabilities below, affecting VMware ESXi, Workstation, Fusion, and Cloud Foundation. With regard to ESXi specifically, all supported versions (7.0, 6.7, and 6.5) are affected.

Use-after-free vulnerability in XHCI USB controller (CVE-2020-4004)

  • Severity – Critical (CVSSv3 base score 9.3).
  • Attack vector – A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.
  • Resolution – Apply patched version.
  • Workaround – Remove the xHCI (USB 3.x) controller from the virtual machine.

VMX elevation-of-privilege vulnerability (CVE-2020-4005)

  • Severity – Important (CVSSv3 base score 8.8).
  • Attack vector – A malicious actor with privileges within the VMX process only may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004).
  • Resolution – Apply patched version.
  • Workaround – None.
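To scope exposure before patching, an administrator will want two lists: ESXi hosts still below the fixed build, and VMs that still carry the xHCI (USB 3.x) controller named in the CVE-2020-4004 workaround. The PowerCLI script below is an added example, not code from this post or from VMware; it assumes PowerCLI is installed, that Connect-VIServer has already been run against vCenter or a standalone host, and that you fill in the fixed build numbers from VMware's advisory (they are not given on this page, so they are left as placeholders and unknown versions are reported as unpatched).

```powershell
# Added example (not from the post or VMware). Requires an active Connect-VIServer session.
# PLACEHOLDER: minimum fixed ESXi build per major version, taken from VMware's advisory.
# A $null entry means "unknown", and such hosts are deliberately reported as unpatched.
$minFixedBuild = @{
    '7.0' = $null   # PLACEHOLDER, replace with the fixed 7.0 build number
    '6.7' = $null   # PLACEHOLDER, replace with the fixed 6.7 build number
    '6.5' = $null   # PLACEHOLDER, replace with the fixed 6.5 build number
}

function Get-UnpatchedEsxiHost {
    # Report every host whose build is below the fixed build for its major version.
    Get-VMHost | ForEach-Object {
        $major    = ($_.Version -split '\.')[0..1] -join '.'   # "7.0.1" -> "7.0"
        $required = $minFixedBuild[$major]
        [pscustomobject]@{
            Host    = $_.Name
            Version = $_.Version
            Build   = [int]$_.Build
            Patched = ($null -ne $required) -and ([int]$_.Build -ge [int]$required)
        }
    } | Where-Object { -not $_.Patched }
}

function Get-VMWithXhciController {
    # The vSphere API models the USB 3.x controller as VirtualUSBXHCIController;
    # these VMs are the candidates for the CVE-2020-4004 workaround.
    Get-VM | Where-Object {
        $_.ExtensionData.Config.Hardware.Device |
            Where-Object { $_ -is [VMware.Vim.VirtualUSBXHCIController] }
    } | Select-Object Name, PowerState, @{ N = 'Host'; E = { $_.VMHost.Name } }
}

Write-Host 'ESXi hosts below the fixed build (or with an unknown fixed build):'
Get-UnpatchedEsxiHost | Format-Table -AutoSize

Write-Host 'VMs still carrying an xHCI (USB 3.x) controller:'
Get-VMWithXhciController | Format-Table -AutoSize
```

Removing the controller requires the VM to be powered off, so the second list is also a useful input for scheduling maintenance windows until the hosts are patched.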

Kraft Kennedy recommends applying a patched version at your earliest convenience. Please contact our team if you would like assistance.

