
Rewterz Threat Advisory – Multiple Security Vulnerabilities in VMware

Severity

High

Analysis Summary

CVE-2020-3962 (Use-after-free vulnerability)

A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.

CVE-2020-3969 (Off-by-one heap-overflow vulnerability)

A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.

CVE-2020-3970 (Out-of-bounds read)

A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine’s vmx process leading to a partial denial of service condition.

CVE-2020-3967 (Heap-overflow vulnerability)

A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.

CVE-2020-3968 (Out-of-bounds write vulnerability)

A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine’s vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.

CVE-2020-3966 (Heap-overflow due to race condition)

A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.

CVE-2020-3965 (Information leak)

A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

CVE-2020-3964 (Information Leak)

A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor’s memory. Additional conditions beyond the attacker’s control need to be present for exploitation to be possible.

CVE-2020-3963 (Use-after-free vulnerability)

A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.

CVE-2020-3971 (Heap overflow vulnerability)

A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.

Impact

  • Information disclosure
  • Arbitrary code execution

Affected Vendors

VMware

Affected Products

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation

Remediation

Refer to the VMware advisory for the list of patched versions and the complete list of affected products.

https://www.vmware.com/security/advisories/VMSA-2020-0015.html
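
To help prioritise patching, the per-CVE preconditions named in the Analysis Summary (3D graphics enabled, a vmxnet3 adapter present) can be checked against each virtual machine's `.vmx` configuration. The script below is an added example, not part of the Rewterz or VMware advisory. It assumes the VMX keys `mks.enable3d`, `ethernetN.present` and `ethernetN.virtualDev`; the function names and the sample VMX text are constructed for illustration.

```python
import re

# Device preconditions as stated in the advisory text; "any" = none named.
CVE_PRECONDITION = {
    "CVE-2020-3962": "3d", "CVE-2020-3969": "3d", "CVE-2020-3970": "3d",
    "CVE-2020-3971": "vmxnet3",
    "CVE-2020-3963": "any", "CVE-2020-3964": "any", "CVE-2020-3965": "any",
    "CVE-2020-3966": "any", "CVE-2020-3967": "any", "CVE-2020-3968": "any",
}

_LINE = re.compile(r'^\s*([\w.:\-]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return {lowercased key: value} for key = "value" lines; other lines are skipped."""
    cfg = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def applicable_cves(vmx_text, default_3d=None):
    """Map each CVE to True/False, or None when the 3D key is absent and no default is given."""
    cfg = parse_vmx(vmx_text)
    raw_3d = cfg.get("mks.enable3d")
    has_3d = default_3d if raw_3d is None else raw_3d.strip().lower() == "true"
    # Assumption: an adapter only counts when ethernetN.present is explicitly "TRUE".
    has_vmxnet3 = any(
        re.fullmatch(r"ethernet\d+\.virtualdev", k) and v.strip().lower() == "vmxnet3"
        and cfg.get(k.split(".")[0] + ".present", "").upper() == "TRUE"
        for k, v in cfg.items()
    )
    state = {"3d": has_3d, "vmxnet3": has_vmxnet3, "any": True}
    return {cve: state[cond] for cve, cond in CVE_PRECONDITION.items()}

# Constructed sample VMX content (not taken from a real host).
SAMPLE_VMX = '''
displayName = "build-agent-01"
mks.enable3d = "TRUE"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000"
ethernet1.present = "FALSE"
ethernet1.virtualDev = "vmxnet3"
'''

if __name__ == "__main__":
    for cve, hit in sorted(applicable_cves(SAMPLE_VMX).items()):
        print(cve, {True: "precondition met", False: "not met", None: "unknown"}[hit])
```

A result of `True` only means the device precondition described in the advisory is present in the configuration; whether the host is actually affected depends on the product version, which the VMware advisory lists.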