This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Vmware First view 2017-11-20
Product Esxi Last view 2023-04-25
Version 6.5 Type Os
Update 650-201707216  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:vmware:esxi

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
7.5 2023-04-25 CVE-2023-29552

The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.

3.3 2022-12-13 CVE-2022-31699

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

8.8 2022-12-13 CVE-2022-31696

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.

6.5 2022-10-07 CVE-2022-31681

VMware ESXi contains a null-pointer deference vulnerability. A malicious actor with privileges within the VMX process only, may create a denial of service condition on the host.

7.8 2022-01-04 CVE-2021-22045

VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

7.5 2021-07-13 CVE-2021-21995

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition.

9.8 2021-07-13 CVE-2021-21994

SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.

8.8 2021-02-24 CVE-2021-21974

OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution.

7.8 2020-11-20 CVE-2020-4005

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)

5.3 2020-10-20 CVE-2020-3995

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability. A malicious actor with access to a virtual machine may be able to trigger a memory leak issue resulting in memory resource exhaustion on the hypervisor if the attack is sustained for extended periods of time.

9.8 2020-10-20 CVE-2020-3992

OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.

7.7 2020-10-20 CVE-2020-3982

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.

5.8 2020-10-20 CVE-2020-3981

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.

5.3 2020-08-21 CVE-2020-3976

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

5.5 2020-06-25 CVE-2020-3971

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.

3.8 2020-06-25 CVE-2020-3970

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in the Shader functionality. A malicious actor with non-administrative local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to crash the virtual machine's vmx process leading to a partial denial of service condition.

8.2 2020-06-25 CVE-2020-3968

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

7.5 2020-06-25 CVE-2020-3967

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

7.5 2020-06-25 CVE-2020-3966

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

5.5 2020-06-25 CVE-2020-3965

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

4.7 2020-06-25 CVE-2020-3964

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.

5.5 2020-06-25 CVE-2020-3963

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.

7.8 2020-06-24 CVE-2020-3969

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

8.2 2020-06-24 CVE-2020-3962

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a use-after-free vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.

3.3 2020-05-29 CVE-2020-3959

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service.

CWE : Common Weakness Enumeration

%idName
26% (11) CWE-787 Out-of-bounds Write
24% (10) CWE-125 Out-of-bounds Read
9% (4) CWE-416 Use After Free
7% (3) CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
4% (2) CWE-476 NULL Pointer Dereference
4% (2) CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory L...
4% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
2% (1) CWE-617 Reachable Assertion
2% (1) CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
2% (1) CWE-362 Race Condition
2% (1) CWE-287 Improper Authentication
2% (1) CWE-203 Information Exposure Through Discrepancy
2% (1) CWE-193 Off-by-one Error
2% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

SAINT Exploits

Description Link
VMware ESXi OpenSLP heap overflow More info here

Snort® IPS/IDS

Date Description
2018-02-20 Intel x64 side-channel analysis information leak attempt
RuleID : 45444 - Type : OS-OTHER - Revision : 2
2018-02-20 Intel x64 side-channel analysis information leak attempt
RuleID : 45443 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x64 side-channel analysis information leak attempt
RuleID : 45368 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x64 side-channel analysis information leak attempt
RuleID : 45367 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45366 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45365 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45364 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45363 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45362 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45361 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45360 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45359 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45358 - Type : OS-OTHER - Revision : 2
2018-02-06 Intel x86 side-channel analysis information leak attempt
RuleID : 45357 - Type : OS-OTHER - Revision : 2

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-11-12 Name: A virtualization application installed on the remote macOS or Mac OS X host i...
File: macosx_fusion_vmsa_2018_0027.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote device is missing a vendor-supplied security patch.
File: f5_bigip_SOL91229003.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201810-06.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: A virtualization application installed on the remote macOS or Mac OS X host i...
File: macosx_fusion_vmsa_2018_0026.nasl - Type: ACT_GATHER_INFO
2018-09-18 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1236.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0098.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0011.nasl - Type: ACT_GATHER_INFO
2018-07-20 Name: The remote Debian host is missing a security update.
File: debian_DLA-1423.nasl - Type: ACT_GATHER_INFO
2018-07-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1422.nasl - Type: ACT_GATHER_INFO
2018-05-03 Name: The remote Debian host is missing a security update.
File: debian_DLA-1369.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4188.nasl - Type: ACT_GATHER_INFO
2018-05-02 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4187.nasl - Type: ACT_GATHER_INFO
2018-04-18 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-956.nasl - Type: ACT_GATHER_INFO
2018-03-29 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_1ce95bc7327811e8b52700012e582166.nasl - Type: ACT_GATHER_INFO
2018-03-27 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201803-12.nasl - Type: ACT_GATHER_INFO
2018-03-15 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0512.nasl - Type: ACT_GATHER_INFO
2018-02-27 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-057-01.nasl - Type: ACT_GATHER_INFO
2018-02-23 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4120.nasl - Type: ACT_GATHER_INFO
2018-02-22 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-956.nasl - Type: ACT_GATHER_INFO
2018-02-05 Name: The remote Virtuozzo host is missing multiple security updates.
File: Virtuozzo_VZA-2018-006.nasl - Type: ACT_GATHER_INFO
2018-01-30 Name: A web browser installed on the remote Windows host is affected by multiple se...
File: google_chrome_64_0_3282_119.nasl - Type: ACT_GATHER_INFO
2018-01-26 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-0151.nasl - Type: ACT_GATHER_INFO
2018-01-25 Name: The remote AIX host is missing a security patch.
File: aix_IJ03036.nasl - Type: ACT_GATHER_INFO
2018-01-25 Name: The remote AIX host is missing a security patch.
File: aix_IJ03035.nasl - Type: ACT_GATHER_INFO
2018-01-25 Name: The remote AIX host is missing a security patch.
File: aix_IJ03034.nasl - Type: ACT_GATHER_INFO