Saturday, May 4, 2024
Home Hacking News VMware Fixes the Flaw that affects Workstation

VMware Fixes the Flaw that affects Workstation

VMware got vulnerability which affects the multiple products which allow threat actors to get sensitive information from the user.

Vulnerabilities Found in VMware

CVE-2020-3960

This is the out-of-bounds which reads the vulnerability and affects the VMware ESXi Workstation and the Fusion where the users get notifications to update the fixed versions.

The malicious actor that controls the local and non-administrative access which have access to a virtual machine that may be having the privileged information which condition in memory.

CVE-2020-3961

Due to unsafe loading of libraries and configuration which gave access to the vulnerable folder that exists with the VMware Horizon Client for the Windows Operating System.

The Vulnerabilities that are found can be exploited by the local user on any of the systems and then able to run the commands on any user.

The affected vulnerabilities target the Horizon clients of windows 5.x and upper version which was fixed with version 5.4.3. The vulnerabilities considered as the important severity range and having 8.4 scores in CVSSv3.

CVE-2020-3956

A code injection vulnerability that can target the VMware Cloud Director that leads to arbitrary can done by the remote code execution methods. The vulnerability can be exploited by the cyber threat actor by sending the unknown traffic to the VMware Cloud Director.

HTML 5 and Flex-based UIs are used to exploit and do the vulnerabilities which can also use the API explorer interface and API access.

Comment your Suggestion regarding the article and thank you for reading this article.

 

Bipin Choudharyhttps://vednam.com
Bipin has been a passionate blogger for several years. He is a Cyber Security Enthusiast, Security Blogger, Technical Writer. He is always eager to know everything about the latest technology development and advancement. Author @ Vednam

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular

7 Best Free Ethical Hacking Courses Online

  Ethical hacking is the practice of identifying vulnerabilities in computer systems and networks, using the same techniques and tools as malicious hackers. Ethical hackers,...

How does AuKill malware work?

AuKill Malware Actively Used to Disable EDR in Ongoing Attacks The cybersecurity landscape is constantly evolving, and attackers are always finding new ways to breach...

What is Black box hacking ? How Does it works ?

  Black box hacking refers to the process of testing a system, network or application for vulnerabilities without having any prior knowledge of its internal...

What is Penetration testing ? How does it works ?

  Penetration testing, or PenTesting for short, is a critical part of any comprehensive cybersecurity program. It involves testing the security of computer systems, networks,...

Recent Comments