ESXi Vulnerability
A vulnerability with a criticality rating of 9.8/10 has been identified that affects ESXi versions 6.5, 6.7 and 7.0. I recommend that you review the links below and apply the workaround or install the relevant patch as soon as possible.
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
ESXi OpenSLP remote code execution vulnerability (CVE-2020-3992)
Description
OpenSLP as used in ESXi has a use-after-free issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
Known Attack Vectors
A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
Workaround (for ESXi hosts only):