[German]VMware developers have closed several critical vulnerabilities in their virtualization products VMware Workstation and Fusion these days.
I have already become aware of this issue a few days ago via this tweet from Bleeping Computer.
— BleepingComputer (@BleepinComputer) June 24, 2020
VMware has therefore released security updates to address several vulnerabilities in VMware ESXi, Workstation and Fusion. One of them is a critical flaw in default configurations of Workstation and Fusion with 3D graphics enabled.
The US Cyber Security and Infrastructure Security Agency (CISA) has also issued a warning. It warns that an attacker could exploit some of these vulnerabilities to take control of an affected system. CISA users and administrators are urged to update VMware products as soon as possible.
Details are available in the VMware Advisory
Details can be found in the VMware security advisory VMSA-2020-0015 dated June 23, 2020, where VMware lists the following CVEs:
CVE-2020-3962, CVE-2020-3963, CVE-2020-3964, CVE-2020-3965, CVE-2020-3966, CVE-2020-3967, CVE-2020-3968, CVE-2020-3969, CVE-2020-3970, CVE-2020-3971
The following VMware products are affected:
- VMware ESXi
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Cloud Foundation
The VMware Security Advisory VMSA-2020-0015 provides details about the vulnerabilities and also provides information about the required updates or workarounds.