VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator

VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator

VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful of serious security holes.



Vulnerabilities in ESXi hypervisor exploited during a hacking competition


During the Tianfu Cup Pwn Contest that was held in Chengdu, China, earlier this month, Xiao Wei and Tianwen Tang, two researchers from the Qihoo 360 Vulcan Team, exploited two previously unknown vulnerabilities to thoroughly compromise VMWare’s ESXi hypervisor:


CVE-2020-4004, deemed “critical”, is a use-after-free vulnerability in XHCI USB controller that can be used by attackers with local administrative privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host
CVE-2020-4005, deemed “important”, is a VMX elevation-of-privilege vulnerability that can be used by attackers with privileges within the VMX process to escalate their privileges on the affected system

CVE-2020-4004 affects various versions of ESXi, but also VMware Fusion (Mac virtualization solution), VMware Workstation Player (desktop hypervisor application) and VMware Cloud Foundation (ESXi). CVE-2020-4005 affects ESXi and VMware Cloud Foundation. Most patches are already available, but those for Cloud Foundation are still pending.


Users are advised to peruse this advisory and see whether they should update their installations.


VMware SD-WAN Orchestrator vulnerabilities


VMware has also released security updates for both supported branches (3.x and 4.x) of SD-WAN Orchestrator, its enterprise solution for provisioning virtual services in the branch, the cloud, or the enterprise data center.


They fix six vulnerabilities, including SQL injection vulnerabilities, a directory traversal file execution flaw, and default passwords for predefin ..

Support the originator by clicking the read the rest link below.