CVE-2020-3992 | VMware ESXi Remote Code Execution Vulnerability Advisory

Published: 2020-10-21

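0x00 Vulnerability Overview

CVE ID: CVE-2020-3992

Date: 2020-10-21

Type: RCE

Severity: High

Remotely exploitable: Yes

Affected scope:

VMware ESXi is a bare-metal hypervisor that installs directly on a physical server. It accesses and controls the underlying resources directly, so it can partition hardware effectively to consolidate applications and cut costs. VMware ESXi is an industry-leading, efficient system architecture that sets the industry benchmark for reliability, performance and support.
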

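0x01 Vulnerability Details

On October 20, 2020, VMware published a security advisory stating that the OpenSLP component in VMware ESXi contains a remote code execution vulnerability (CVE-2020-3992) with a CVSS score of 9.8. Because OpenSLP has a use-after-free issue, an attacker with access to port 427 on an ESXi host can trigger the use-after-free in the OpenSLP service, leading to remote code execution.
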

0x02 Remediation Advice

VMware has released the relevant patches; prompt remediation is recommended.


| Affected product | Version | Fixed version | Download link | Documentation |
|---|---|---|---|---|
| ESXi | 7.0 | ESXi_7.0.1-0.0.16850804 | https://my.vmware.com/group/vmware/patch | https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-701-release-notes.html |
| ESXi | 6.7 | ESXi670-202010401-SG | | https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202010001.html |
| ESXi | 6.5 | ESXi650-202010401-SG | | https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202010001.html |
| VMware Cloud Foundation (ESXi) | 4.x | 4.1 | | https://docs.vmware.com/en/VMware-Cloud-Foundation/4.1/rn/VMware-Cloud-Foundation-41-Release-Notes.html |
| VMware Cloud Foundation (ESXi) | 3.x | 3.10.1.1 | | https://docs.vmware.com/en/VMware-Cloud-Foundation/3.10.1/rn/VMware-Cloud-Foundation-3101-Release-Notes.html#3.10.1.1 |


Download:

https://my.vmware.com/cn/web/vmware/downloads/

Temporary workaround:

If upgrading is not possible, disable the CIM server on VMware ESXi as a temporary workaround. (This step applies only to ESXi.)
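
As an added example (not part of the original advisory and not VMware tooling), the following Python script triages an ESXi inventory using the fixed build and bulletin IDs from the table above together with the port 427 exposure described in the details section. It assumes the banner format printed by `vmware -v`; the inventory records and the helper names `triage` and `slp_reachable` are constructed for illustration.

```python
import re
import socket

SLP_PORT = 427  # OpenSLP port named in the advisory
# Fixed build for ESXi 7.0 as listed in this advisory's table
# (ESXi_7.0.1-0.0.16850804). Confirm against the current VMSA-2020-0023 revision.
FIXED_BUILD = {"7.0": 16850804}
# 6.7 and 6.5 are listed by patch bulletin ID, not by build number.
FIXED_BULLETIN = {"6.7": "ESXi670-202010401-SG", "6.5": "ESXi650-202010401-SG"}
BANNER_RE = re.compile(r"VMware ESXi (\d+\.\d+)(?:\.\d+)? build-(\d+)")

def slp_reachable(host, port=SLP_PORT, timeout=2.0):
    """Return True if a TCP connection to the SLP port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def triage(banner, slp_open):
    """Classify one host from its `vmware -v` banner and its SLP exposure."""
    m = BANNER_RE.search(banner)
    if not m:
        return "unknown: unparsed banner"
    series, build = m.group(1), int(m.group(2))
    if series in FIXED_BUILD:
        if build >= FIXED_BUILD[series]:
            return "ok: at or above listed fixed build"
        state = "needs patch"
    elif series in FIXED_BULLETIN:
        state = "verify bulletin " + FIXED_BULLETIN[series]
    else:
        return "unknown: series not in advisory table"
    if slp_open:
        return state + "; port 427 reachable: patch or disable CIM server"
    return state + "; port 427 not reachable"

if __name__ == "__main__":
    # Constructed inventory: (name, banner text, SLP reachability).
    # Replace the boolean with slp_reachable(address) for hosts you administer.
    inventory = [
        ("esx-a", "VMware ESXi 7.0.0 build-16000000", True),
        ("esx-b", "VMware ESXi 7.0.1 build-16850804", True),
        ("esx-c", "VMware ESXi 6.7.0 build-15000000", False),
    ]
    for name, banner, slp_open in inventory:
        print(name, "->", triage(banner, slp_open))
```
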

 

0x03 References

https://kb.vmware.com/s/article/76372

https://www.vmware.com/security/advisories/VMSA-2020-0023.html

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3992

https://nvd.nist.gov/vuln/detail/CVE-2020-3992


0x04 Timeline

2020-10-20  VMware published its security advisory

2020-10-21  VSRC published its security advisory


0x05 Appendix

CVSS scoring standard, official site: http://www.first.org/cvss/