VMware | ESXi & Workstation & FusionÇå¾²Îó²îͨ¸æ

Ðû²¼Ê±¼ä 2020-11-23

0x00 Îó²î¸ÅÊö

²úÆ·Ãû³Æ

CVE ID

Àà ÐÍ

Îó²îÆ·¼¶

Ô¶³ÌʹÓÃ

Ó°Ïì¹æÄ£

VMware ESXi¡¢WorkstationºÍFusion

CVE-2020-4004

Use-after-free

ÑÏÖØ

·ñ

VMware ESXi¡¢

VMware Workstation Pro /   Player (Workstation)

VMware Fusion Pro / Fusion   (Fusion)¡¢

VMware Cloud Foundation

VMware ESXi

CVE-2020-4005

ȨÏÞÌáÉý

¸ßΣ

·ñ

 

 

0x01 Îó²îÏêÇé

 

image.png

 

2020Äê11ÔÂ19ÈÕ£¬£¬£¬£¬£¬£¬VMwareÐû²¼Çå¾²¸üУ¬£¬£¬£¬£¬£¬ÐÞ¸´ÁËÁ½¸öÎó²î£¨CVE-2020-4004ºÍCVE-2020-4005£© ¡£¡£¡£¡£¡£¡£¡£Îó²îÏêÇéÈçÏ£º


XHCI USB¿ØÖÆÆ÷ÖеÄUse-after-freeÎó²î£¨CVE-2020-4004£©

¸ÃÎó²î±£´æÓÚVMware ESXi¡¢WorkstationºÍFusionµÄXHCI USB¿ØÖÆÆ÷ÖУ¬£¬£¬£¬£¬£¬ÆäCVSSÆÀ·Ö9.3 ¡£¡£¡£¡£¡£¡£¡£ÔÚÐéÄâ»úÉϾßÓÐÍâµØÖÎÀíԱȨÏ޵Ĺ¥»÷ÕßÄܹ»Ê¹ÓôËÎó²î½«¶ñÒâ´úÂë×÷ΪÎïÀíÖ÷»úÉϵÄVMXÀú³ÌÀ´Ö´ÐÐ ¡£¡£¡£¡£¡£¡£¡£

Îó²îÁ´½Ó£º

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4004

 

VMXȨÏÞÌáÉýÎó²î£¨CVE-2020-4005£©

¸ÃÎó²î±£´æÓÚVMware ESXiÖУ¬£¬£¬£¬£¬£¬ÆäCVSSÆÀ·Ö8.8 ¡£¡£¡£¡£¡£¡£¡£ÓÉÓÚϵͳÖÎÀíŲÓõķ½·¨Öб£´æÎÊÌ⣬£¬£¬£¬£¬£¬ÔÚVMXÀú³ÌÖÐÓµÓÐȨÏ޵Ĺ¥»÷Õß¿ÉÒÔʹÓôËÎó²îÌáÉýÊÜÓ°ÏìÎïÀíÖ÷»úϵͳÉϵÄȨÏÞ ¡£¡£¡£¡£¡£¡£¡£¿£¿£¿£¿£¿£¿£¿ÉÒÔͨ¹ýÅäºÏCVE-2020-4004À´Ê¹ÓôËÎó²î ¡£¡£¡£¡£¡£¡£¡£

Îó²îÁ´½Ó£º

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4005

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚVMwareÒѾ­Ðû²¼ÁËÏà¹Ø¸üУ¬£¬£¬£¬£¬£¬½¨Òé²Î¿¼Ï±íʵʱÐÞ¸´ ¡£¡£¡£¡£¡£¡£¡£

²úÆ·

°æ±¾

CVE ID

ÑÏÖØˮƽ

ÐÞ¸´°æ±¾

ÐÞ¸´ÒªÁì

ESXi

7.0

CVE-2020-4004

ÑÏÖØ

ESXi70U1b-17168206

жÔØXHCI USB 3.x¿ØÖÆÆ÷

ESXi

6.7

CVE-2020-4004

ÑÏÖØ

ESXi670-202011101-SG

жÔØXHCI USB 3.x¿ØÖÆÆ÷

ESXi

6.5

CVE-2020-4004

ÑÏÖØ

ESXi650-202011301-SG

жÔØXHCI USB 3.x¿ØÖÆÆ÷

Fusion

12.x

CVE-2020-4004

²»ÊÜÓ°Ïì

²»ÊÜÓ°Ïì

N/A

Fusion

11.x

CVE-2020-4004

ÑÏÖØ

11.5.7

жÔØXHCI USB 3.x¿ØÖÆÆ÷

Workstation

16.x

CVE-2020-4004

²»ÊÜÓ°Ïì

²»ÊÜÓ°Ïì

N/A

Workstation

15.x

CVE-2020-4004

ÑÏÖØ

15.5.7

жÔØXHCI USB 3.x¿ØÖÆÆ÷

VMware Cloud Foundation (ESXi)

4.x

CVE-2020-4004

ÑÏÖØ

ÔÝÎÞ²¹¶¡

жÔØXHCI USB 3.x¿ØÖÆÆ÷

VMware Cloud Foundation (ESXi)

3.x

CVE-2020-4004

ÑÏÖØ

ÔÝÎÞ²¹¶¡

жÔØXHCI USB 3.x¿ØÖÆÆ÷

ESXi

7.0

CVE-2020-4005

¸ßΣ

ESXi70U1b-17168206

None

ESXi

6.7

CVE-2020-4005

¸ßΣ

ESXi670-202011101-SG

None

ESXi

6.5

CVE-2020-4005

¸ßΣ

ESXi650-202011301-SG

None

VMware Cloud Foundation (ESXi)

4.x

CVE-2020-4005

¸ßΣ

ÔÝÎÞ²¹¶¡

None

VMware Cloud Foundation (ESXi)

3.x

CVE-2020-4005

¸ßΣ

ÔÝÎÞ²¹¶¡

None

 

ÏÂÔصص㣺

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

 

0x03 ²Î¿¼Á´½Ó

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

https://securityaffairs.co/wordpress/111214/hacking/vmware-fixed-tianfu-bugs.html?

https://www.bleepingcomputer.com/news/security/vmware-releases-fix-for-critical-esxi-workstation-vulnerability/?

 

0x04 ʱ¼äÏß

2020-11-19  VMwareÐû²¼Çå¾²¸üÐÂ

2020-11-23  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png