Overview
A use-after-free vulnerability in the OpenSLP component of VMware ESXi allows remote code execution. It is caused by improper memory management and can be exploited by an attacker with network access to port 427 (the SLP service). This is a critical vulnerability affecting multiple ESXi versions. The vulnerability was disclosed on October 20, 2020. CISA has identified CVE-2020-3992 as exploited in the wild and known to be used in ransomware campaigns.
Technical details
The OpenSLP service (slpd) in VMware ESXi contains a use-after-free vulnerability caused by improper memory management. An attacker with network access to the SLP service (port 427) can send specially crafted requests that trigger the use-after-free condition, allowing execution of arbitrary code with root privileges in the hypervisor context.
The vulnerability is classified as CWE-416 (Use After Free) and CWE-401 (Missing Release of Memory after Effective Lifetime).
It received a CVSS v3.1 base score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: reachable over the network, low attack complexity, no privileges or user interaction required, and high impact on confidentiality, integrity and availability.
Impact
Successful exploitation allows an unauthenticated attacker to execute arbitrary code with root privileges on the ESXi hypervisor. This could lead to complete compromise of the virtualization platform, including access to all virtual machines, sensitive data, and the ability to modify or delete VMs. The attacker can establish persistent access, exfiltrate data, launch attacks against hosted virtual machines, and disrupt availability of the entire virtualization infrastructure.
Mitigation and workarounds
1. Connect to the ESXi host over SSH or through the vSphere Client.
2. Download the appropriate security patch from VMware's security updates page.
3. Put the ESXi host into maintenance mode.
4. Apply the patch with the esxcli software vib install command or with vSphere Update Manager.
5. Reboot the ESXi host to complete the installation.
6. Exit maintenance mode.
Example: esxcli software vib install -d /path/to/patch.zip (the depot path must be an absolute path as seen from the host, typically on a datastore; esxcli does not resolve relative paths).
The following versions include the necessary fixes: ESXi 7.0.1-0.0.16850804 and later, ESXi 6.7 Update 3 (6.7U3) and later, ESXi 6.5 Update 3 (6.5U3) and later. Two caveats: VMware later revised VMSA-2020-0023 because the initial ESXi 7.0 fix was incomplete, and the 6.7 and 6.5 fixes were delivered as security patches released after Update 3, so a host merely running Update 3 is not necessarily patched. Compare the host's build number with the fixed build listed in the current advisory before treating it as remediated.
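The following script is an added example, not part of this advisory or of VMware's own tooling. It parses the banner printed by vmware -vl, decides whether the host is at or past the fixed build, and, on a real host, runs the maintenance-mode and patch steps listed above. Only the 7.0.1 build (16850804) is taken from the text; 6.7 and 6.5 are deliberately left undecided so that nobody treats a guessed build as authoritative. PATCH_ZIP is an assumed example path.

```shell
#!/bin/sh
# Added example (not from the advisory or VMware): decide from `vmware -vl`
# whether an ESXi host still needs the CVE-2020-3992 patch, and if so run the
# patch sequence from the steps above. PATCH_ZIP is an ASSUMED example path.

PATCH_ZIP="${PATCH_ZIP:-/vmfs/volumes/datastore1/patches/ESXi-patch.zip}"  # assumption

# Minimum fixed build for a release line ("major.minor"). Empty means unknown here.
min_fixed_build() {
    case "$1" in
        7.0) echo 16850804 ;;   # ESXi 7.0.1-0.0.16850804, cited in the advisory text
        *)   echo "" ;;         # 6.7/6.5: look the fixed build up in VMSA-2020-0023
    esac
}

# Parse a banner such as "VMware ESXi 7.0.1 build-16850804" into "7.0 16850804".
# Fails (status 1) when the line does not look like an ESXi version banner.
parse_banner() {
    out=$(printf '%s\n' "$1" | sed -n 's/^VMware ESXi \([0-9]*\.[0-9]*\)[^ ]* build-\([0-9]*\).*/\1 \2/p')
    [ -n "$out" ] || return 1
    echo "$out"
}

# Exit status: 0 = patched, 1 = needs patch, 2 = cannot decide from this input.
patch_status() {
    parsed=$(parse_banner "$1") || return 2
    rel=${parsed%% *}
    build=${parsed##* }
    min=$(min_fixed_build "$rel")
    [ -n "$min" ] || return 2
    [ "$build" -ge "$min" ] && return 0
    return 1
}

# Steps 3 and 4 above as typed on the host; the reboot (step 5) is left to the operator.
apply_patch() {
    esxcli system maintenanceMode set -e true
    esxcli software vib install -d "$PATCH_ZIP"   # absolute path required
    echo "Reboot the host now, then run: esxcli system maintenanceMode set -e false"
}

# Only act when the ESXi tools are present; elsewhere the functions are just defined.
if command -v vmware >/dev/null 2>&1 && command -v esxcli >/dev/null 2>&1; then
    banner=$(vmware -vl | head -n 1)
    patch_status "$banner"
    rc=$?
    case $rc in
        0) echo "patched: $banner" ;;
        1) echo "unpatched: $banner"; apply_patch ;;
        *) echo "cannot decide from '$banner'; check the advisory for this release line" ;;
    esac
fi
```

The build comparison is numeric because ESXi build numbers increase monotonically within a release line; the version string alone (7.0.1 versus 7.0.0) is not enough, since the incomplete and the revised 7.0 fixes both carry a 7.0.x label.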
As temporary workarounds: restrict network access to port 427 (the SLP service) at the network perimeter using firewall rules, limiting access to trusted management networks only; disable the SLP service if it is not required in the environment (this may affect service discovery and features that depend on it); and implement network segmentation to isolate ESXi management traffic from untrusted networks.
CISA recommendation: Apply updates per vendor instructions.
Additional resources
Source: This report was generated by AI
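The script below is an added example, not part of this advisory or of VMware's material. It shows the two host-side workarounds described above: checking whether slpd is exposed (firewall ruleset enabled, service set to start at boot) and then either disabling the service outright or confining it to the management network. The esxcli and chkconfig commands follow VMware's published procedure for disabling SLP (KB 76372); the parsing helpers and the sample command outputs are constructed here so the checks can be exercised off the host. MGMT_NET is an assumed example subnet.

```shell
#!/bin/sh
# Added example (not from the advisory or VMware): audit and disable/restrict the
# OpenSLP service on an ESXi host as the workarounds above describe. Sample outputs
# below are constructed; MGMT_NET is an ASSUMED management subnet.

MGMT_NET="${MGMT_NET:-10.10.0.0/24}"   # assumption: your management network

# Given the text of `esxcli network firewall ruleset list`, return 0 when the
# CIMSLP ruleset (which opens port 427) is enabled, 1 otherwise.
cimslp_enabled() {
    printf '%s\n' "$1" | awk '$1 == "CIMSLP" && $2 == "true" { hit = 1 } END { exit hit ? 0 : 1 }'
}

# Given the text of `chkconfig --list`, return 0 when slpd is set to start at boot.
slpd_autostart() {
    printf '%s\n' "$1" | awk '$1 == "slpd" && $2 == "on" { hit = 1 } END { exit hit ? 0 : 1 }'
}

# Workaround A: stop slpd, close its firewall ruleset, and keep it from restarting.
disable_slp() {
    /etc/init.d/slpd stop
    esxcli network firewall ruleset set -r CIMSLP -e 0
    chkconfig slpd off
}

# Workaround B: keep SLP running but accept port 427 only from the management network.
restrict_slp() {
    esxcli network firewall ruleset set -r CIMSLP --allowed-all false
    esxcli network firewall ruleset allowedip add -r CIMSLP -i "$MGMT_NET"
}

# Constructed sample outputs shaped like the real commands' output, for dry runs.
SAMPLE_RULESETS='Name                 Enabled
-------------------  -------
sshServer            true
CIMSLP               true
vMotion              false'
SAMPLE_CHKCONFIG='slpd            on
sshd            on'

# On a real host, inspect the live state and apply workaround A; elsewhere do nothing.
if command -v esxcli >/dev/null 2>&1; then
    if cimslp_enabled "$(esxcli network firewall ruleset list)" || \
       slpd_autostart "$(chkconfig --list)"; then
        echo "SLP exposed on port 427; disabling (CVE-2020-3992 workaround)"
        disable_slp
        chkconfig --list | grep slpd   # expect the slpd line to now read "off"
    else
        echo "SLP already disabled"
    fi
fi
```

Both the ruleset and the chkconfig state are checked because stopping slpd alone is undone by the next reboot, and closing only the firewall ruleset leaves the vulnerable daemon running for anyone who later re-enables it. Use restrict_slp instead of disable_slp only if something in the environment genuinely depends on SLP discovery.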

