We have one vendor disclosure from VMware. There is also an exploit report for products from Ruckus Wireless.
VMware Advisory
VMware published an advisory describing two vulnerabilities in its ESXi, Workstation and Fusion products. The vulnerabilities were reported by Xiao Wei and Tianwen Tang (VictorV) of Qihoo 360 Vulcan Team. VMware has new versions that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.
The two reported vulnerabilities are:
• Use-after-free - CVE-2020-4004, and
• Elevation of privilege - CVE-2020-4005
NOTE: These vulnerabilities were discovered as part of the 2020 Tianfu Cup Pwn Contest.
Ruckus Exploit
Juan Manuel Fernandez published an exploit [corrected link; 11-29-20 0740 EST] for the Ruckus IoT Controller (vRIoT). This vulnerability was reported earlier by Adepts of 0xCC and addressed by Ruckus.