VMware patched several vulnerabilities

silversurfer

VMware this week informed customers that it has patched several vulnerabilities in its ESXi, Workstation, Fusion and NSX-T products, including a critical flaw that allows arbitrary code execution.

The critical vulnerability, identified as CVE-2020-3992, has been described as a use-after-free issue that affects the OpenSLP service in ESXi.

The vulnerability was reported to VMware on July 22 by Lucas Leong of Trend Micro's Zero Day Initiative (ZDI). In its own advisory, ZDI said the vulnerability can be exploited by a remote, unauthenticated attacker to execute arbitrary code.

“The specific flaw exists within the processing of SLP messages. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the SLP daemon,” ZDI said.
 
