VMware late last week released patches for two security flaws, which ranged from important to critical in terms of severity. The fixes resolved vulnerabilities within its vCloud Director platform and within its hypervisor software: ESXi, Workstation, and Fusion.
The first advisory was directed at a remote session hijack vulnerability found within the vCloud Director platform for service providers, which is VMware’s cloud service delivery platform. The vulnerability was found within the tenant and provider portals and allowed attackers to access the portals through impersonation of someone logged into a session.
This vulnerability was ranked as a “critical” security flaw. It was discovered by four faculty members at Dakota State University.
ESXi is VMware’s bare metal hypervisor software; Workstation its hypervisor that runs on x64 versions of Windows and Linux operating systems; and Fusion is its software hypervisor for Macintosh computers.
The first critical flaw affected all three hypervisors and gave malicious actors access to virtual machines (VMs) when a virtual USB controller was present, allowing a hacker to execute code on the host.
The second critical flaw, affecting Workstation and Fusion, was an out-of-bounds vulnerability in their e1000 virtual network adapter. This flaw also allowed the attacker to execute code.
The third, an important fix, also affected Workstation and Fusion with an out-of-bounds vulnerability in both the e1000 and e1000e virtual network adapter. While the flaw could allow code execution from the bad actor, it could also result in denial of service to the actor.
The fourth, and final, critical flaw affected only the Fusion hypervisor. This vulnerability was a result of unauthenticated APIs that could be accessed through a web socket. Bad actors could exploit this by tricking the host user execute functions and perform unauthorized functions on the guest machine where VMware Tools is installed.