Home Hacking News VMware Fixed Multiple Vulnerabilities In Workstation, Fusion, and Others
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

VMware Fixed Multiple Vulnerabilities In Workstation, Fusion, and Others

by Abeerah Hashim
written by Abeerah Hashim
VMware vulnerabilities

VMware has recently patched multiple vulnerabilities affecting Workstation, Fusion, and more. These vulnerabilities also included some critical severity bugs.

Critical Vulnerability In VMware Products

Reportedly, VMware has addressed a critical security bug affecting its products.

As elaborated in their advisory, the vulnerability (CVE-2020-3962) existed in the VMware Workstation (Pro/Player), ESXi, Fusion (Pro/Fusion), and VMware Cloud Foundation. This critical flaw attained a CVSS score of 9.3.

Describing this use after free bug, the advisory reads,

VMware ESXi, Workstation and Fusion contain a Use-after-free vulnerability in the SVGA device… A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.

Detailing the response matrix, VMware also mentioned two more vulnerabilities. One of these includes a high-severity off-by-one heap-overflow flaw (CVE-2020-3969) that achieved a CVSS score of 8.1. Whereas, the other included a medium severity Out-of-bound read vulnerability in Shader Functionality (CVE-2020-3970).

Other VMware Vulnerabilities Receiving Patches

Apart from the above three, VMware also patched six high-severity vulnerabilities affecting its products. Three of these, CVE-2020-3967, CVE-2020-3968, and CVE-2020-3966, achieved a CVSS score of 8.1. Whereas, the other three, CVE-2020-3965, CVE-2020-3964, and CVE-2020-3963 achieved a CVSS score of 7.1.

Moreover, they also addressed a single medium severity flaw (CVE-2020-3971) with a 5.9 CVSS score.

Hence, in all, the vendors have released fixes for 10 different security vulnerabilities.

For all the six high severity bugs, VMware has suggested removing the USB controller as a workaround.

Whereas, for the single medium severity vulnerability, no workaround is available.

Nonetheless, the vendors have addressed all the 10 bugs with the release of the latest versions of the respective products. Hence, users should make sure to update their systems according to the advisory.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites