Description

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)

Related CPE's

a

vmware

cloud_foundation

2

o

vmware

esxi

179

References

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

PatchVendor Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 · High

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2020-11-20T19:15:13.287Z

5 years ago

Last modified

2025-10-31T10:44:38.620Z

4 months ago