Security through data

CONTENT

  • Home
  • Blog
  • Data
  • Directory
  • Events
  • Tutorials

FEATURED

  • CyberAlerts
  • CyberDecoded
  • CyberWeekly
  • CyberStory
  • CyberTips

COMPANY

  • About us
  • Advertise
  • Legal & Policy
Cybermaterial
  • CATEGORIES
    • Alerts
    • APIs
    • Apps
    • Blog
    • Cyber101
    • Documents
    • Entertainment
    • Learning
    • Quotes
    • Stats
    • Tools
No Result
View All Result
Contact Us
Newsletter
Cybermaterial
  • CATEGORIES
    • Alerts
    • APIs
    • Apps
    • Blog
    • Cyber101
    • Documents
    • Entertainment
    • Learning
    • Quotes
    • Stats
    • Tools
No Result
View All Result
Contact Us
Newsletter
Cybermaterial
No Result
View All Result

VMware update privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005)

in Alerts
1 min read
December 8, 2020

VMware ESXi, Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2020-4004, CVE-2020-4005).

1. Impacted Products:

VMware ESXi VMware Workstation Pro / Player (Workstation) VMware Fusion Pro / Fusion (Fusion) VMware Cloud Foundation

2. Introduction Multiple vulnerabilities:

in VMware ESXi, Workstation and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. 3a. Use-after-free vulnerability in XHCI USB controller (CVE-2020-4004) Description VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller.

VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

Known Attack Vectors

A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.

Resolution To remediate CVE-2020-4004 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below. Workarounds Workarounds for CVE-2020-4004 have been listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.

CHECK UPDATE

Tags: AlertsVmware
30
VIEWS

More Alerts

New variant of the QRAT downloader embedded in fake video
Alerts

New variant of the QRAT downloader embedded in fake video

Guidance on Obsolete Encryption Tools released by NSA

Guidance on Obsolete Encryption Tools released by NSA

Mitigate SolarWinds Orion Code Compromise – Supplemental Guidance v2
Alerts

Mitigate SolarWinds Orion Code Compromise – Supplemental Guidance v2

MORE

Stats

273.782.113 unique URLs were recognized as malicious by web antivirus components.

Books

Book: Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do about it

Gitlab

For Windows: Clone a Gitlab project to your Local Computer with SSH keys

Quotes

“Domain name registrars and registry operators can prevent and mitigate large…”

ADVERTISEMENT

Tags

Books Cyber Definition Cybersecurity Hackers Malware Memes Movies Quantum Computing Software Word of the day

© 2021 | CyberMaterial | All rights reserved.

SECURITY THROUGH DATA

No Result
View All Result
  • Home
  • Blog
  • Data
  • Directory
  • Events
  • Tutorials
  • CyberDecoded
  • Stats
  • CyberStory
  • CyberTips
  • Cyber Weekly

© 2020 CyberMaterial - Cyber Decoded.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.