描述:
VMware发布了一个安全公告,以应对 VMware 产品中的多个漏洞。有关安全性更新的列表,请参考以下网址:
https://www.vmware.com/security/advisories/VMSA-2020-0015.html
受影响的系统:
- VMware ESXi
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Cloud Foundation
影响:
成功利用这些漏洞可以使攻击者能够从访客虚拟机上的虚拟机器监视器执行任意程式码、泄漏资讯或阻断服务。
建议:
产品供应商在其网站发布了新版本及解决方法以应对问题。
- VMware ESXi 6.5, 6.7, 7.0
https://my.vmware.com/group/vmware/patch
- VMware Fusion 11.5.5
https://www.vmware.com/go/downloadfusion
- VMware Workstation Pro 15.5.5
https://www.vmware.com/go/downloadworkstation
- VMware Workstation Player 15.5.5
https://www.vmware.com/go/downloadplayer
- VMware Cloud Foundation 3.7.2
https://docs.vmware.com/en/VMware-Cloud-Foundation/3.7.2/rn/VMware-Cloud-Foundation-372-Release-Notes.html
- VMware Cloud Foundation
https://docs.vmware.com/en/VMware-Cloud-Foundation/3.10/rn/VMware-Cloud-Foundation-310-Release-Notes.html
受影响系统的系统管理员应遵从产品供应商的建议,立即采取行动以降低风险。
进一步信息:
https://www.vmware.com/security/advisories/VMSA-2020-0015.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3962
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3971