VMware patches serious vulnerabilities affecting its ESXi hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a few severe security holes.
During the Tianfu Cup Pwn Contest that was held in China, Xiao Wei and Tianwen Tang, two researchers from the Qihoo 360 Vulcan Team, exploited two previously unknown vulnerabilities – CVE-2020-4004 and CVE-2020-4005 – to compromise VMWare’s ESXi hypervisor thoroughly
Read More: Tackling the Ransomware Attacks and the Measures to Prevent Them
The company has also released security updates for both supported branches of SD-WAN Orchestrator, its enterprise solution for provisioning virtual services in the cloud, or the enterprise data center.
The vulnerabilities are not believed to be critical, as attackers need to be authenticated to exploit them.
Source: helpnetsecurity
