Rewterz Threat Advisory – CVE-2020-3960 – VMware ESXi, Workstation and Fusion information disclosure Vulnerability

Rewterz Threat Advisory – CVE-2020-3961 – VMware Horizon Client for Windows update privilege escalation vulnerability

June 11, 2020

Rewterz Threat Alert – Valak Malware and the Connection to Gozi Loader

June 11, 2020

Rewterz Threat Advisory – CVE-2020-3960 – VMware ESXi, Workstation and Fusion information disclosure Vulnerability

Severity

Medium

Analysis Summary

VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine may be able to read privileged information contained in memory.

Impact

Information disclosure

Affected Vendors

VMware

Affected Products

VMware ESXi 6.5
VMware ESXi 6.7
VMware Workstation 15.0
VMware Fusion 11.0

Remediation

Refer to vendor’s advisory for the upgraded patches.

https://www.vmware.com/security/advisories/VMSA-2020-0012.html

Rewterz Threat Advisory – CVE-2020-3961 – VMware Horizon Client for Windows update privilege escalation vulnerability

Rewterz Threat Alert – Valak Malware and the Connection to Gozi Loader

Rewterz Threat Advisory – CVE-2020-3960 – VMware ESXi, Workstation and Fusion information disclosure Vulnerability

Severity

Analysis Summary

Impact

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan