Dear Team,
Kindly assist us in fixing the vulnerability on the VMware host.
Vulnerability Name: ESXi 6.5 / 6.7 / 7.0 Multiple Vulnerabilities (VMSA-2020-0026)
Severity: High
Port: 443
Synopsis: The remote VMware ESXi host is missing a security patch and is affected by multiple vulnerabilities.
Description:
According to its self-reported version number, the remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by multiple vulnerabilities.
- A use-after-free error exists in the XHCI USB controller. An unauthenticated, local attacker with local administrative privileges on a virtual machine can exploit this to execute code as the virtual machine's VMX process running on the host. (CVE-2020-4004)
- A privilege escalation vulnerability exists in ESXi due to how certain system calls are managed. An authenticated, local attacker with privileges within the VPM process can exploit this, when chained with CVE-2020-4004, to obtain escalated privileges. (CVE-2020-4005)
Solution: Apply the appropriate patch as referenced in the vendor advisory.
Plugin output:
ESXi version: 6.5
Installed build: 13932383
Fixed build: 17167537
CVE: CVE-2020-4004, CVE-2020-4005
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Moderator edit by wila: Moved post from Support Hub discussions to ESXi discussions
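The finding above is purely a build-number comparison: Nessus reads the build the host reports on port 443 and flags it when it is older than the fixed build listed for the advisory (17167537 for 6.5). The same check can be repeated in the ESXi shell before and after patching, which is also how to confirm the host actually rebooted into the new build. The script below is an added example written for this thread, not code from the original post, from Nessus or from VMware; it parses a `vmware -vl` style version line, compares the build against the fixed build from the scanner output, and falls back to sample lines constructed from the numbers in the post when it is not running on an ESXi host. The `/etc/vmware/esx.conf` marker used to detect an ESXi shell and the function names are the example's own assumptions; the actual patch bundle and image profile name must be taken from the VMSA-2020-0026 advisory, so they are left as placeholders in the comments.

```sh
#!/bin/sh
# Added example for the VMSA-2020-0026 finding in this thread (not Nessus or
# VMware code). Compares an ESXi host's self-reported build number against the
# fixed build reported by the scanner. Written for the busybox ash shell on ESXi
# but runs under any POSIX sh.

# Fixed build for ESXi 6.5 as shown in the Nessus output above.
FIXED_BUILD_65=17167537

# Sample version lines constructed from the build numbers in the post:
# the scanned host before patching, and what it should report afterwards.
SAMPLE_BEFORE="VMware ESXi 6.5.0 build-13932383"
SAMPLE_AFTER="VMware ESXi 6.5.0 build-17167537"

# parse_build LINE
# Extracts the numeric build from a "vmware -vl" style line such as
# "VMware ESXi 6.5.0 build-13932383". Prints nothing if no build is found.
parse_build() {
    printf '%s\n' "$1" | sed -n 's/.*build-\([0-9][0-9]*\).*/\1/p'
}

# is_vulnerable INSTALLED FIXED
# Returns 0 (true) when INSTALLED is numerically older than FIXED, i.e. the
# host is still affected; 1 when it is at or above the fixed build;
# 2 when INSTALLED is empty (nothing to compare).
is_vulnerable() {
    installed=$1
    fixed=$2
    [ -n "$installed" ] || return 2
    [ "$installed" -lt "$fixed" ]
}

# classify LINE FIXED
# Prints VULNERABLE, PATCHED or UNKNOWN for a version line, mirroring the
# build-only logic the scanner applies (it does not test for the bug itself).
classify() {
    build=$(parse_build "$1")
    if [ -z "$build" ]; then
        echo UNKNOWN
    elif is_vulnerable "$build" "$2"; then
        echo VULNERABLE
    else
        echo PATCHED
    fi
}

# Use the live host only when this looks like an ESXi shell (assumed marker
# file: /etc/vmware/esx.conf); otherwise demonstrate on the constructed sample.
if [ -e /etc/vmware/esx.conf ] && command -v vmware >/dev/null 2>&1; then
    version_line=$(vmware -vl 2>/dev/null | head -n 1)
else
    version_line=$SAMPLE_BEFORE
fi
echo "$version_line -> $(classify "$version_line" "$FIXED_BUILD_65")"

# Remediation, to be run on the host with the bundle named in the advisory
# (placeholders, not real file or profile names):
#   esxcli software vib list | grep -i esx-base        # current esx-base VIB
#   esxcli system maintenanceMode set --enable true
#   esxcli software profile update -d /vmfs/volumes/<datastore>/<bundle>.zip \
#       -p <image-profile-from-advisory>
#   reboot
# After the reboot, "vmware -vl" must show build-17167537 or later before the
# Nessus finding will clear, because the plugin only compares build numbers.
```

Usage note: run the script in the ESXi shell (SSH or DCUI) before applying the patch to record the current build, then again after the reboot; if the second run still prints VULNERABLE, the host did not boot into the patched image (for example because the profile update was applied to the wrong boot bank or the reboot was skipped), and rescanning will reproduce the same finding.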