
CVE-2020-3992: Critical VMware Flaw Could Lead to Remote Code Execution

CVE-2020-3992 is a vulnerability in VMware's ESXi hypervisor products. The vulnerability is rated as critical and could lead to remote code execution.

CVE-2020-3992 in Detail

According to the official description:

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

It should be noted that the previous patch VMware issued on October 20 didn't completely fix the flaw. The reason is that specific affected versions weren't addressed in the initial update.

The vulnerability was discovered in the OpenSLP feature of VMware ESXi. ESXi is a hypervisor that utilizes software to partition processor, memory, storage, and networking resources into multiple VMs (virtual machines). Each VM runs its own operating system and apps. As explained by VMware, “VMware ESXi effectively partitions hardware to consolidate applications and cut costs. It’s the industry leader for efficient architecture, setting the standard for reliability, performance, and support.”

What is OpenSLP? It is an open-standard protocol that enables systems to discover services that can be used on the network.

The CVE-2020-3992 vulnerability lies in the OpenSLP implementation in ESXi and is a use-after-free (UAF) issue. UAF vulnerabilities typically stem from the incorrect handling of dynamic memory during a program's operation. More specifically, if a program does not clear the pointer to a memory location after freeing it, the stale pointer can later be used to access freed memory, and an attacker can exploit the bug.
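To illustrate the dangling-pointer pattern described above, here is an added C example that is not code from the article, OpenSLP or VMware; the session structure and function names are hypothetical. It contrasts a close routine that leaves the caller's pointer dangling with one that clears it, so that a later use is refused instead of touching freed memory.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed illustration: a service-style session object that is freed on
   one code path and might be reached again through a stale pointer.
   Names are hypothetical, not taken from OpenSLP or ESXi. */
typedef struct {
    char peer[32];
    int  busy;
} session_t;

/* Vulnerable pattern: frees the session but leaves every copy of the caller's
   pointer dangling. Nothing stops a later dereference, which is a use-after-free. */
void close_session_dangling(session_t *s) {
    free(s);
}

/* Hardened pattern: take the address of the caller's pointer so the stale
   reference is cleared at the same moment the memory is released. */
void close_session(session_t **sp) {
    if (sp && *sp) {
        memset(*sp, 0, sizeof **sp);   /* scrub contents before release */
        free(*sp);
        *sp = NULL;                    /* no dangling pointer remains */
    }
}

/* Every use site checks for NULL: a closed session is reported, not dereferenced. */
int session_send(session_t *s, const char *msg) {
    if (s == NULL) return -1;          /* closed session: refuse instead of UAF */
    if (!s->busy) return -2;           /* hypothetical inactive-session error */
    (void)msg;
    return 0;
}

/* Walks the hardened path: open, use, close, then attempt a second use.
   Returns 1 when the first send succeeds and the second is correctly refused. */
int hardened_demo(void) {
    session_t *s = calloc(1, sizeof *s);
    if (!s) return -99;
    strncpy(s->peer, "192.0.2.10", sizeof s->peer - 1);  /* constructed sample address */
    s->busy = 1;
    int first = session_send(s, "hello");
    close_session(&s);                                   /* s is now NULL */
    int second = session_send(s, "hello again");
    return (first == 0 && second == -1) ? 1 : 0;
}

int main(void) { printf("hardened path ok: %d\n", hardened_demo()); return 0; }
```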

CVE-2020-3992, in particular, allows an attacker with access to port 427 of the management network on an ESXi machine to trigger a use-after-free issue in OpenSLP. This could lead to remote code execution, VMware warned.

In May, the company addressed another severe remote code execution vulnerability in the VMware Cloud Director. Tracked as CVE-2020-3956, the flaw triggered code injection that allowed authenticated attackers to send malicious traffic to Cloud Director. This could then lead to arbitrary code execution.

Milena Dimitrova
