==================================================================== CERT-Renater Note d'Information No. 2020/VULN232 _____________________________________________________________________ DATE : 29/04/2020 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware ESXi versions prior to 7.0. ===================================================================== https://www.vmware.com/security/advisories/VMSA-2020-0008.html _____________________________________________________________________ VMware Security Advisories Advisory ID VMSA-2020-0008 Advisory Severity Important CVSSv3 Range 8.3 Synopsis VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955) Issue Date 2020-04-28 Updated On 2020-04-28 (Initial Advisory) CVE(s) CVE-2020-3955 1. Impacted Products VMware ESXi 2. Introduction A Stored Cross-Site Scripting (XSS) vulnerability in VMware ESXi was privately reported to VMware. Patches are available to address this vulnerability in affected VMware products. 3. VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3955) Description: The VMware ESXi Host Client does not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3. Known Attack Vectors: A malicious actor with access to modify the system properties of a virtual machine from inside the guest os (such as changing the hostname of the virtual machine) may be able to inject malicious script which will be executed by a victim's browser when viewing this virtual machine via the ESXi Host Client. Resolution: To remediate CVE-2020-3955 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below. Workarounds: None. Additional Documentation: None. Notes: None. Acknowledgements: VMware would like to thank Benny Husted and DAWUSHI for independently reporting this issue to us. Product Version Running On CVE Identifier CVSSV3 Severity Fixed Version Workarounds Additional Documentation ESXi 7.0 Any CVE-2020-3955 N/A N/A Unaffected N/A N/A ESXi 6.7 Any CVE-2020-3955 8.3 Important ESXi670-202004103-SG None None ESXi 6.5 Any CVE-2020-3955 8.3 Important ESXi650-201912104-SG None None 4. References Fixed Version(s) and Release Notes: VMware ESXi 6.7 ESXi670-202004103-SG https://my.vmware.com/group/vmware/patch https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202004002.html VMware ESXi 6.5 ESXi650-201912104-SG https://my.vmware.com/group/vmware/patch https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-201912002.html Mitre CVE Dictionary Links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3955 FIRST CVSSv3 Calculator: https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H 5. Change log 2020-04-28 VMSA-2020-0008 Initial security advisory. 6. Contact E-mail list for product security notifications and announcements: https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security@vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories https://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2020 VMware Inc. All rights reserved. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================