
VMware Vulnerability affecting VMware ESXi, Workstation, Fusion, and Cloud Foundation

Jeff Silverman

VMware recently announced the vulnerabilities below, affecting VMware ESXi, Workstation, Fusion, and Cloud Foundation. With regard to ESXi specifically, all supported versions (7.0, 6.7, and 6.5) are affected.

Use-after-free vulnerability in XHCI USB controller (CVE-2020-4004)

  • Severity – Critical (CVSSv3 base score 9.3).
  • Attack vector – A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.
  • Resolution – Apply patched version.
  • Workaround – Remove the XHCI (USB 3.x) controller from the virtual machine.
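
The xHCI workaround above is easier to apply with confidence once you know which virtual machines actually carry the controller. The following Python script is an added example, not VMware's or Kraft Kennedy's own tooling: it scans VM configuration (.vmx) text for the `usb_xhci.present` key (the standard VMX setting that enables the USB 3.x controller), reports the VMs where it is enabled, and shows what the configuration looks like once the controller's entries are removed. The three .vmx fragments are constructed samples, and the helper names are the author's own.

```python
"""
Inventory check for the CVE-2020-4004 workaround (removing the xHCI / USB 3.x
controller).  Added example: scans .vmx configuration text and reports VMs that
still have an xHCI controller enabled.  Sample .vmx fragments are constructed.
"""
import re
from typing import Dict, List

# Key a VM's .vmx file uses to enable the xHCI (USB 3.x) controller.
XHCI_KEY = "usb_xhci.present"

# A .vmx file is a flat list of   key = "value"   lines (comments start with #).
_VMX_LINE = re.compile(r'^\s*([^#=\s]+)\s*=\s*"([^"]*)"\s*$')


def parse_vmx(text: str) -> Dict[str, str]:
    """Parse .vmx text into a key -> value dict.  VMX keys are matched
    case-insensitively, so they are normalised to lower case here."""
    config: Dict[str, str] = {}
    for line in text.splitlines():
        m = _VMX_LINE.match(line)
        if m:
            config[m.group(1).lower()] = m.group(2)
    return config


def has_xhci_controller(config: Dict[str, str]) -> bool:
    """True when the parsed configuration enables the xHCI controller."""
    return config.get(XHCI_KEY, "").strip().lower() == "true"


def remove_xhci_controller(text: str) -> str:
    """Return the .vmx text with every usb_xhci.* entry dropped, i.e. the
    workaround state.  In practice this is done through the vSphere client
    with the VM powered off; the function only models the resulting config."""
    kept = []
    for line in text.splitlines():
        m = _VMX_LINE.match(line)
        if m and m.group(1).lower().startswith("usb_xhci."):
            continue
        kept.append(line)
    return "\n".join(kept) + "\n"


def audit(vms: Dict[str, str]) -> List[str]:
    """Return the (sorted) names of VMs whose .vmx still enables xHCI."""
    return sorted(
        name for name, text in vms.items()
        if has_xhci_controller(parse_vmx(text))
    )


# Constructed sample configurations keyed by VM name.
SAMPLE_VMS: Dict[str, str] = {
    # Still exposed: xHCI controller enabled.
    "lab-usb3": '''.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "17"
displayName = "lab-usb3"
usb_xhci.present = "TRUE"
usb_xhci.pciSlotNumber = "192"
ethernet0.present = "TRUE"
''',
    # Only the legacy USB (UHCI/EHCI) controller: not the xHCI device.
    "file-server": '''.encoding = "UTF-8"
config.version = "8"
displayName = "file-server"
usb.present = "TRUE"
ethernet0.present = "TRUE"
''',
    # Controller explicitly disabled.
    "app-db": '''.encoding = "UTF-8"
config.version = "8"
displayName = "app-db"
usb_xhci.present = "FALSE"
''',
}


if __name__ == "__main__":
    exposed = audit(SAMPLE_VMS)
    print("VMs with an xHCI controller enabled:", exposed or "none")
    for name in exposed:
        fixed = remove_xhci_controller(SAMPLE_VMS[name])
        print(f"--- {name} after applying the workaround ---")
        print(fixed)
```

To run this against a real datastore, replace `SAMPLE_VMS` with the contents of each VM's .vmx file. The same device also shows up through the vSphere API as a `VirtualUSBXHCIController` entry in a VM's hardware device list, which is the more convenient route when auditing through PowerCLI rather than reading configuration files. Removing the controller is only a stopgap; the patched build remains the resolution the advisory calls for.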

VMX elevation-of-privilege vulnerability (CVE-2020-4005)

  • Severity – Important (CVSSv3 base score 8.8).
  • Attack vector – A malicious actor with privileges within the VMX process only may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004).
  • Resolution – Apply patched version.
  • Workaround – None.

Kraft Kennedy recommends applying a patched version at your earliest convenience. Please contact our team if you would like assistance.
