A high-severity flaw affects VMware Workstation, Fusion and vSphere products.

VMware has addressed a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products.

VMware has addressed a high-severity information disclosure vulnerability, tracked as CVE-2020-3960, that affects its Workstation, Fusion and vSphere virtualization products.

The CVE-2020-3960 flaw was discovered by Cfir Cohen, a researcher from Google’s cloud security team.

ESXi, Workstation and Fusion are affected by an out-of-bounds read vulnerability that can be exploited by an attacker with non-admin access to a virtual machine to read privileged information from memory.

“VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in NVMe functionality.” reads the advisory.

The flaw resides in the NVMe functionality. NVMe (nonvolatile memory express) is a new storage access and transport protocol for flash and next-generation solid-state drives (SSDs) that delivers the highest throughput and fastest response times yet for all types of enterprise workloads.

The vulnerability impacts ESXi 6.5 and 6.7, Workstation 15.x and Fusion 11.x. The virtualization firm already released security pathers for the above products, but no workaround is available.

VMware also addressed a high-severity privilege escalation vulnerability, tracked as CVE-2020-3961, that affects Horizon Client for Windows.

“VMware Horizon Client for Windows contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.4.” reads the security advisory published by the company.

Early of June, researchers from hacking firm Citadelo disclosed details for a new critical vulnerability in VMware’s Cloud Director platform, tracked as CVE-2020-3956, that could be abused to takeover corporate servers.

VMware Cloud Director is a cloud service-delivery platform that allows organizations to operate and manage successful cloud-service businesses. Using VMware Cloud Director, cloud providers deliver secure, efficient, and elastic cloud resources to thousands of enterprises and IT teams across the world.

The vulnerability could potentially allow an authenticated attacker to gain access to corporate network, access to sensitive data, and control private clouds within an entire infrastructure.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, virtualization)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.