VMware Unpatched Critical Flaw Affects Multiple Products

Home/Security Update, Software Issues/VMware Unpatched Critical Flaw Affects Multiple Products

VMware Unpatched Critical Flaw Affects Multiple Products

VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system.

VMware Security Advisory

The vulnerability was discovered by Qihoo 360 Vulcan Team at the 2020 Tianfu Cup Pwn Contest held earlier this month in China.

Firstly, The vulnerability was described: CVE-2020-4004, CVE-2020-4005, CVE-2020-4006.

Secondly, Below are the list of affected VMware products:

  • VMware Workspace One Access (versions 20.01 and 20.10 for Linux and Windows)
  • Workspace One Access Connector (versions 20.10,, and for Windows)
  • VMware Identity Manager (versions 3.3.1, 3.3.2, and 3.3.3 for Linux and Windows)
  • Identity Manager Connector (versions 3.3.1, 3.3.2 for Linux and 3.3.1, 3.3.2, 3.3.3 for Windows)
  • VMware Cloud Foundation (versions 4.x for Linux and Windows)
  • vRealize Suite Lifecycle Manager (versions 8.x for Linux and Windows)

Follow Us on: Twitter, Instagram, LinkedIn

CVE-2020-4004Use-after-free Vulnerability in XHCI USB Controller


VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.

Because of which a malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.

CVSS Score:

Score 9.3

Fixed Versions:

ProductVersionRunning OnFixed VersionWorkarounds
ESXi7AnyESXi70U1b-17168206Remove XHCI (USB 3.x) controller
ESXi6.7AnyESXi670-202011101-SGRemove XHCI (USB 3.x) controller
ESXi6.5AnyESXi650-202011301-SGRemove XHCI (USB 3.x) controller
Fusion11.xOS X11.5.7Remove XHCI (USB 3.x) controller
Workstation15.xAny15.5.7Remove XHCI (USB 3.x) controller
VMware Cloud Foundation (ESXi)4.xAnyPatch PendingRemove XHCI (USB 3.x) controller
VMware Cloud Foundation (ESXi)3.xAnyPatch PendingRemove XHCI (USB 3.x) controller
Source: VMware

CVE-2020-4005 — VMX elevation-of-privilege Vulnerability


VMware ESXi contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.

However, A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004).

CVSS Score:

Score 8.8

Fixed Versions:

ProductVersionRunning OnFixed VersionWorkarounds
VMware Cloud Foundation (ESXi)4.xAnyPatch pendingAny
VMware Cloud Foundation (ESXi)3.xAnyPatch PendingAny
Source: VMware

CVE-2020-4006 — Command Injection Vulnerability


VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a Command Injection Vulnerability in the administrative configurator.

However, A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system.

CVSS Score:

Score 9.1

Fixed versions:

ProductVersionRunning OnFixed VersionWorkarounds
Access20.1LinuxPatch PendingKB81731
Access20.01LinuxPatch PendingKB81731
vIDM3.3.3LinuxPatch PendingKB81731
vIDM3.3.2LinuxPatch PendingKB81731
vIDM3.3.1LinuxPatch PendingKB81731
vIDM Connector3.3.3WindowsPatch PendingKB81731
vIDM Connector3.32LinuxPatch PendingKB81731
vIDM Connector3.3.2WindowsPatch PendingKB81731
vIDM Connector3.3.1LinuxPatch PendingKB81731
vIDM Connector3.3.1WindowsPatch PendingKB81731
Source: VMware


In short, Visit the official VMware page to fix the temporary workarounds released.

By | 2020-11-24T22:08:21+05:30 November 24th, 2020|Security Update, Software Issues|

About the Author:

FirstHackersNews- Identifies Security

Leave A Comment

Subscribe to our newsletter to receive security tips everday!