Rewterz Threat Advisory – VMware ESXi / Workstation Player Multiple Vulnerabilities

March 30, 2019

Severity

Medium

Analysis Summary

1) An error related to the virtual USB 1.1 UHCI (Universal Host Controller Interface) can be exploited to cause an out-of-bounds memory access.

2) A race condition error related to the virtual USB 1.1 UHCI (Universal Host Controller Interface) can be exploited to corrupt memory.

Successful exploitation of vulnerabilities #1 and #2 may allow execution of code on the host, but requires a virtual machine with a virtual USB controller present.

Impact

Security Bypass

Affected Vendors

VMware

Affected Products

VMware Workstation Player 14.x

VMware ESXi 6.x

Remediation

Apply patch or update to a fixed version.

VMware ESXi version 6.0:

Apply ESXi600-201903001.

VMware ESXi version 6.5:

Apply ESXi650-201903001.

VMware ESXi version 6.7:

Apply ESXi670-201903001.

VMware Workstation Player:

Update to version 14.1.7.
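
The analysis summary notes that exploitation requires a virtual machine with a virtual USB controller present. As an added example (not part of the original advisory and not VMware tooling), the following Python script flags such VMs from the text of their .vmx files so the hosts running them can be patched first. It assumes the .vmx convention that `usb.present = "TRUE"` enables the virtual USB controller; the VM names and configurations are constructed samples.

```python
import re

# Assumption: a .vmx file holds one `key = "value"` pair per line, and
# `usb.present = "TRUE"` means the VM has the virtual USB controller.
# Lines starting with '#' are treated as comments and ignored.
_PAIR = re.compile(r'^\s*([^#\s=][^=]*?)\s*=\s*"?(.*?)"?\s*$')


def parse_vmx(text):
    """Return {lower-cased key: value}; a later duplicate key wins."""
    settings = {}
    for line in text.splitlines():
        match = _PAIR.match(line)
        if match:
            settings[match.group(1).lower()] = match.group(2)
    return settings


def usb_controller_present(text):
    """True when the configuration enables the virtual USB controller."""
    value = parse_vmx(text).get("usb.present", "false")
    return value.strip().lower() == "true"


def vms_to_prioritise(inventory):
    """Given {vm_name: vmx_text}, return sorted names meeting the precondition."""
    return sorted(name for name, text in inventory.items()
                  if usb_controller_present(text))


# Constructed sample configurations (hypothetical VM names, not real hosts).
SAMPLE_INVENTORY = {
    "build-agent-01": 'displayName = "build-agent-01"\nusb.present = "TRUE"\n',
    "db-02": 'displayName = "db-02"\nusb.present = "FALSE"\n',
    "web-03": 'displayName = "web-03"\nmemsize = "4096"\n',
    "legacy-04": 'USB.Present = "true"  \n',        # mixed case, trailing spaces
    "test-05": '# usb.present = "TRUE"\n',           # commented out
}

if __name__ == "__main__":
    for name in vms_to_prioritise(SAMPLE_INVENTORY):
        print(f"{name}: virtual USB controller present, patch its host first")
```
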

COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.