June 24, 2020
Severity
High
Analysis Summary
CVE-2020-3962 (Use-after-free vulnerability)
A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.
CVE-2020-3969 (Off-by-one heap-overflow vulnerability)
A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.
CVE-2020-3970 (Out-of-bounds read)
A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine’s vmx process leading to a partial denial of service condition.
CVE-2020-3967 (Heap-overflow vulnerability)
A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.
CVE-2020-3968 (Out-of-bounds write vulnerability)
A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine’s vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.
CVE-2020-3966 (Heap-overflow due to race condition)
A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker’s control must be present for exploitation to be possible.
CVE-2020-3965 (Information leak)
A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVE-2020-3964 (Information Leak)
A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor’s memory. Additional conditions beyond the attacker’s control need to be present for exploitation to be possible.
CVE-2020-3963 (Use-after-free vulnerability)
A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.
CVE-2020-3971 (Heap overflow vulnerability)
A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.
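The preconditions listed above (3D graphics enabled, a vmxnet3 adapter present) can be checked per virtual machine from its .vmx configuration. The following is an added triage example, not part of the original advisory or of VMware's tooling. It assumes the .vmx keys mks.enable3D and ethernetN.virtualDev / ethernetN.present, treats an absent key as disabled, and uses a constructed sample configuration; it looks only at guest configuration, not at the host's patch level.

```python
import re

# CVE groupings taken from the advisory text above.
NEEDS_3D = ["CVE-2020-3962", "CVE-2020-3969", "CVE-2020-3970"]
NEEDS_VMXNET3 = ["CVE-2020-3971"]
ANY_VM = ["CVE-2020-3967", "CVE-2020-3968", "CVE-2020-3966",
          "CVE-2020-3965", "CVE-2020-3964", "CVE-2020-3963"]

_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"(.*)"\s*$')

# Constructed sample .vmx content (not taken from a real system).
SAMPLE_VMX = '''
.encoding = "UTF-8"
displayName = "build-agent-01"
mks.enable3D = "TRUE"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "e1000"
ethernet1.present = "FALSE"
ethernet1.virtualDev = "vmxnet3"
'''

def parse_vmx(text):
    """Return a dict of lower-cased key -> value from .vmx text."""
    cfg = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # skip comment lines
        m = _LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def applicable_cves(vmx_text):
    """List the advisory's CVEs whose stated guest preconditions are met."""
    cfg = parse_vmx(vmx_text)
    cves = list(ANY_VM)  # no guest-side precondition stated in the advisory
    if cfg.get("mks.enable3d", "").upper() == "TRUE":
        cves += NEEDS_3D
    for key, value in cfg.items():
        m = re.fullmatch(r"(ethernet\d+)\.virtualdev", key)
        # Count a vmxnet3 adapter only if that NIC is marked present.
        if m and value.lower() == "vmxnet3" and \
                cfg.get(m.group(1) + ".present", "").upper() == "TRUE":
            cves += NEEDS_VMXNET3
            break
    return sorted(cves)
```

Running applicable_cves over each VM's .vmx file gives a per-VM list for prioritising which hosts to patch first.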
Impact
- Information disclosure
- Arbitrary code execution
Affected Vendors
VMware
Affected Products
- VMware ESXi
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Cloud Foundation
Remediation
Refer to the VMware advisory for the list of updated patches and the complete list of affected products.
https://www.vmware.com/security/advisories/VMSA-2020-0015.html