Pierluigi Paganini June 10, 2020

VMware has addressed a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products.

VMware has addressed a high-severity information disclosure vulnerability, tracked as CVE-2020-3960, that affects its Workstation, Fusion and vSphere virtualization products.

The CVE-2020-3960 flaw was discovered by Cfir Cohen, a researcher from Google’s cloud security team.

ESXi, Workstation and Fusion are affected by an out-of-bounds read vulnerability that can be exploited by an attacker with non-admin access to a virtual machine to read privileged information from memory.

“VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in NVMe functionality.” reads the advisory.

The flaw resides in the NVMe functionality. NVMe (nonvolatile memory express) is a new storage access and transport protocol for flash and next-generation solid-state drives (SSDs) that delivers the highest throughput and fastest response times yet for all types of enterprise workloads.

The vulnerability impacts ESXi 6.5 and 6.7, Workstation 15.x and Fusion 11.x. The virtualization firm already released security pathers for the above products, but no workaround is available.

VMware also addressed a high-severity privilege escalation vulnerability, tracked as CVE-2020-3961, that affects Horizon Client for Windows.

“VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.4.” reads the security advisory published by the company.

Early of June, researchers from hacking firm Citadelo disclosed details for a new critical vulnerability in VMware’s Cloud Director platform, tracked as CVE-2020-3956, that could be abused to takeover corporate servers.

VMware Cloud Director is a cloud service-delivery platform that allows organizations to operate and manage successful cloud-service businesses. Using VMware Cloud Director, cloud providers deliver secure, efficient, and elastic cloud resources to thousands of enterprises and IT teams across the world.

The vulnerability could potentially allow an authenticated attacker to gain access to corporate network, access to sensitive data, and control private clouds within an entire infrastructure.

Pierluigi Paganini

(SecurityAffairs – hacking, virtualization)

[adrotate banner=”5″]

[adrotate banner=”13″]