Sysadmins responsible for VMware deployments should test and apply the latest security updates for the software.
In an advisory published this morning, VMware revealed six vulnerabilities affecting its ESXi, Workstation, Fusion, Cloud Foundation, and NSX-T products.
CVE-2020-3992, which tops the list with a 9.8 out of 10 CVSS severity rating, is a use-after-free vuln in the ESXi hypervisor that can be exploited via the network to run malicious code on the target host.
The IT giant said: “A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.”