Re: CVE - Local Access Question

JimShorts · ‎07-13-2020

Hi,

I have a silly question. I'm pretty new and I'm learning about ESXis. Recently, I received a few CVE notices, it often talks about "A malicious actor with local access" or "A malicious actor with local administrative privileges".

Does this mean the user needs to connect directly with the console or does it mean that as long as they can somehow remote using either the UI, SSH it's vulnerable?

scott28tt · ‎07-13-2020

Where exactly did you receive the notices?

-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

JimShorts · ‎07-13-2020

We have a RSS feed that tells us the latest CVE from VMWare.

Here is an example of one:

VMSA-2020-0015

All

CVE - Local Access Question