VMware Cloud Community
Shaikmu225
Contributor

VUL0054055

Threat
 
According to its self-reported version number, the remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities.

- A use-after-free error exists in the XHCI USB controller. An unauthenticated, local attacker with local administrative privileges on a virtual machine can exploit this, to execute code as the virtual machine's VMX process running on the host. (CVE-2020-4004)
- A privilege escalation vulnerability exists in ESXi due to how certain system calls are managed. An authenticated, local attacker with privileges within the VPM process can exploit this, when chained with CVE-2020-4004, to obtain escalated privileges. (CVE-2020-4005)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
 
Remediation notes
 
Apply the appropriate patch as referenced in the vendor advisory.
 
 
Can someone please provide the link to download the patch to remediate?

Thanks in advance.
fabio1975
Commander

Ciao

Here you can find the VMware security bulletin for the vulnerability you indicated, along with the workaround and the patches to be applied:

VMSA-2020-0026.1 (vmware.com)

Here you can find and download the ESXi version to patch the vulnerability:

Product Patches - VMware Customer Connect

 

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos
