VMware | ESXi & Workstation & Fusion°²È«·ì϶¹«¸æ

°ä²¼¹¦·ò 2020-11-23

0x00 ·ì϶¸ÅÊö

²úÆ·Ãû³Æ

CVE ID

Àà ÐÍ

·ì϶µÈ¼¶

Ô¶³ÌÀûÓÃ

Ó°ÏìÁìÓò

VMware ESXi¡¢WorkstationºÍFusion

CVE-2020-4004

Use-after-free

ÑϳÁ

·ñ

VMware ESXi¡¢

VMware Workstation Pro /   Player (Workstation)

VMware Fusion Pro / Fusion   (Fusion)¡¢

VMware Cloud Foundation

VMware ESXi

CVE-2020-4005

ȨÏÞÌáÉý

¸ßΣ

·ñ

 

 

0x01 ·ì϶ÏêÇé

 

image.png

 

2020Äê11ÔÂ19ÈÕ£¬VMware°ä²¼°²È«¸üУ¬½¨¸´ÁËÁ½¸ö·ì϶£¨CVE-2020-4004ºÍCVE-2020-4005£©¡£·ì϶ÏêÇéÈçÏ£º


XHCI USB½ÚÔìÆ÷ÖеÄUse-after-free·ì϶£¨CVE-2020-4004£©

¸Ã·ì϶´æÔÚÓÚVMware ESXi¡¢WorkstationºÍFusionµÄXHCI USB½ÚÔìÆ÷ÖУ¬ÆäCVSSÆÀ·Ö9.3¡£ÔÚÐé¹¹»úÉÏÓµÓб¾µØÖÎÀíԱȨÏ޵Ĺ¥»÷Õß¿ÉÄÜÀûÓô˷ì϶½«¶ñÒâ´úÂë×÷ΪÎïÀíÖ÷»úÉϵÄVMX¹ý³ÌÀ´Ö´ÐС£

·ì϶Á´½Ó£º

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4004

 

VMXȨÏÞÌáÉý·ì϶£¨CVE-2020-4005£©

¸Ã·ì϶´æÔÚÓÚVMware ESXiÖУ¬ÆäCVSSÆÀ·Ö8.8¡£ÓÉÓÚϵͳÖÎÀíŲÓõķ½Ê½ÖдæÔÚÎÊÌ⣬ÔÚVMX¹ý³ÌÖÐÕ¼ÓÐȨÏ޵Ĺ¥»÷ÕßÄܹ»ÀûÓô˷ì϶ÌáÉýÊÜÓ°ÏìÎïÀíÖ÷»úϵͳÉϵÄȨÏÞ¡£Äܹ»Í¨¹ý¹²Í¬CVE-2020-4004À´ÀûÓô˷ì϶¡£

·ì϶Á´½Ó£º

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4005

 

0x02 ´ëÖý¨Òé

Ä¿Ç°VMwareÒѾ­°ä²¼ÁËÓйظüУ¬½¨Òé²Î¿¼Ï±íʵʱ½¨¸´¡£

²úÆ·

°æ±¾

CVE ID

ÑϳÁˮƽ

½¨¸´°æ±¾

½¨¸´²½Öè

ESXi

7.0

CVE-2020-4004

ÑϳÁ

ESXi70U1b-17168206

жÔØXHCI USB 3.x½ÚÔìÆ÷

ESXi

6.7

CVE-2020-4004

ÑϳÁ

ESXi670-202011101-SG

жÔØXHCI USB 3.x½ÚÔìÆ÷

ESXi

6.5

CVE-2020-4004

ÑϳÁ

ESXi650-202011301-SG

жÔØXHCI USB 3.x½ÚÔìÆ÷

Fusion

12.x

CVE-2020-4004

²»ÊÜÓ°Ïì

²»ÊÜÓ°Ïì

N/A

Fusion

11.x

CVE-2020-4004

ÑϳÁ

11.5.7

жÔØXHCI USB 3.x½ÚÔìÆ÷

Workstation

16.x

CVE-2020-4004

²»ÊÜÓ°Ïì

²»ÊÜÓ°Ïì

N/A

Workstation

15.x

CVE-2020-4004

ÑϳÁ

15.5.7

жÔØXHCI USB 3.x½ÚÔìÆ÷

VMware Cloud Foundation (ESXi)

4.x

CVE-2020-4004

ÑϳÁ

ÔÝÎÞ²¹¶¡

жÔØXHCI USB 3.x½ÚÔìÆ÷

VMware Cloud Foundation (ESXi)

3.x

CVE-2020-4004

ÑϳÁ

ÔÝÎÞ²¹¶¡

жÔØXHCI USB 3.x½ÚÔìÆ÷

ESXi

7.0

CVE-2020-4005

¸ßΣ

ESXi70U1b-17168206

None

ESXi

6.7

CVE-2020-4005

¸ßΣ

ESXi670-202011101-SG

None

ESXi

6.5

CVE-2020-4005

¸ßΣ

ESXi650-202011301-SG

None

VMware Cloud Foundation (ESXi)

4.x

CVE-2020-4005

¸ßΣ

ÔÝÎÞ²¹¶¡

None

VMware Cloud Foundation (ESXi)

3.x

CVE-2020-4005

¸ßΣ

ÔÝÎÞ²¹¶¡

None

 

ÏÂÔصØÖ·£º

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

 

0x03 ²Î¿¼Á´½Ó

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

https://securityaffairs.co/wordpress/111214/hacking/vmware-fixed-tianfu-bugs.html?

https://www.bleepingcomputer.com/news/security/vmware-releases-fix-for-critical-esxi-workstation-vulnerability/?

 

0x04 ¹¦·òÏß

2020-11-19  VMware°ä²¼°²È«¸üÐÂ

2020-11-23  VSRC°ä²¼°²È«¹«¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

image.png