Warning: Actively exploited VMware vulnerabilities

Reference: Advisory #2020-035
Version: 1.0
Affected software:
VMware ESXi version 7.0, 6.7, 6.5, 6.0 and earlier.
VMware Horizon DaaS 8.0 and earlier.
VMware Cloud Foundation (ESXi) 4.0, 3.0 and earlier.
Type: Remote Code Execution (RCE)
CVE/CVSS:

CVE-2020-3992 - CVSS.V3 - 9.8
CVE-2019-5544 - CVSS.V3 - 9.8

Sources

https://www.zerodayinitiative.com/advisories/ZDI-20-1269/
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
https://www.vmware.com/security/advisories/VMSA-2019-0022.html

Risks

These vulnerabilities could allow remote attackers to execute arbitrary code on affected installations of VMware ESXi. No authentication is required to exploit these vulnerabilities.

Description

The vulnerabilities could be exploited by remote attackers to compromise systems running VMware ESXi and execute arbitrary code on them. No level of authentication is required.

The specific flaw exists within the processing of SLP messages. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the SLP daemon.

Recommended Actions

CERT.be recommends that system administrators install the latest updates released by the vendor for the affected versions: https://www.vmware.com/security/advisories/VMSA-2020-0023.html and https://www.vmware.com/security/advisories/VMSA-2019-0022.html.
