An updated fix was issued by VMware for a critical-severity remote code execution flaw in its ESXi hypervisor products.
In an advisory on Wednesday, VMware informed customers that it has released new patches for a critical ESXi vulnerability, CVE-2020-3992, after learning that a fix made available last month was incomplete.
ESXi is a hypervisor that uses software to abstract processor, memory, storage, and networking resources into multiple virtual machines (VMs). Each virtual machine runs its own operating system and applications. OpenSLP, meanwhile, is an open standard technology that allows systems to discover services available for use on the network.
VMware’s October update also issued patches for important flaws:
- CVE-2020-3995 and
- as well as a moderate-severity vulnerability (CVE-2020-3982).
CVE-2020-3992 – VMware ESXi SLP Use-After-Free Remote Code Execution Vulnerability
OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue as Critical, with a maximum CVSSv3 base score of 9.8.
Use-after-free (UAF) flaws are related to the incorrect use of dynamic memory during a program's operation: if a program does not clear the pointer to a memory location after freeing it, an attacker can leverage this flaw.
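The dangling-pointer pattern described above, shown beside a hardened form. This is an added generic illustration, not code from OpenSLP, ESXi or the VMware advisory (which gives no details of the actual bug); every type and function name in it is hypothetical.

```c
/* Added illustration of the use-after-free pattern; not OpenSLP or ESXi code.
   All type and function names here are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char url[64];
    int (*handler)(const char *url);   /* called on every dispatch */
} service_t;

typedef struct { service_t *current; } daemon_t;  /* long-lived reference */

int url_length(const char *url) { return (int)strlen(url); }

int register_service(daemon_t *d, const char *url) {
    service_t *s = calloc(1, sizeof *s);
    if (s == NULL) return -1;
    snprintf(s->url, sizeof s->url, "%s", url);
    s->handler = url_length;
    d->current = s;
    return 0;
}

/* Flawed: the record is freed but d->current still holds its address.
   A later dispatch would read freed memory that the allocator may have
   reused for other data, including the handler pointer. */
void deregister_flawed(daemon_t *d) { free(d->current); }

/* Hardened: free and clear together, so stale use shows up as NULL. */
void deregister_hardened(daemon_t *d) {
    free(d->current);
    d->current = NULL;
}

/* Refuses to follow a cleared reference; returns -1 instead of crashing. */
int dispatch(const daemon_t *d) {
    if (d->current == NULL || d->current->handler == NULL) return -1;
    return d->current->handler(d->current->url);
}

int main(void) {
    daemon_t d = { NULL };
    if (register_service(&d, "service:example://host") != 0) return 1;
    printf("live dispatch: %d\n", dispatch(&d));
    deregister_hardened(&d);
    printf("after hardened free: %d\n", dispatch(&d));
    return 0;
}
```

The NULL check in `dispatch` only helps when the free path clears the pointer; after `deregister_flawed` the stale address is non-NULL and passes the check, which is why the two steps belong in one function.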
Impact of Flaw:
In the case of this specific flaw, “a malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution,” the advisory said.
Further details of the flaw are not yet available.
- VMware ESXi
- VMware Workstation Pro / Player (Workstation), VMware Fusion Pro / Fusion (Fusion)
- VMware Cloud Foundation
- VMware vCenter Server
A patch is still “pending” for affected VMware Cloud Foundation, the hybrid cloud platform for managing virtual machines and orchestrating containers. ESXi users should update to the fixed versions:
- ESXi70U1a-17119627 (for version 7),
- ESXi670-202011301-SG (for version 6.7), and
- ESXi650-202011401-SG (for version 6.5)
VMware failing to patch a vulnerability on the first try is not unheard of. Earlier this year, the company made several attempts to patch a privilege escalation flaw affecting the macOS version of Fusion.