VMware vCenter/ESXi/Workstation Security Advisory: Multiple CVEs (Privilege Escalation, DoS, OpenSSL)

Key Information Vulnerability Description Notification ID: 23471 Status: Closed (CLOSED) Severity: High (HIGH) Affected CVE IDs: CVE-2014-8370, CVE-2015-1043, CVE-2015-1044 CVSS Base Score: CVSS Base Score Affected Products VMware vCenter Server, ESXi, Workstation, Player, and Fusion Vulnerability List 1. ESXi, Workstation, Player, and Fusion Host Privilege Escalation Vulnerability - An arbitrary file write issue exists, which may allow privilege escalation. - The vulnerability does not allow privilege escalation from guest operating system to host operating system or vice versa. 2. Workstation, Player, and Fusion Denial of Service Vulnerability - An input validation issue exists in the host-guest file system (HGFS), which may lead to denial of service on the guest operating system. 3. ESXi, Workstation, and Player Denial of Service Vulnerability - An input validation issue exists in the VMware authentication process (vmware-authd), which may lead to denial of service on the host. 4. Update OpenSSL 1.0.1 and 0.9.8 Packages for vCenter Server and ESXi - Update OpenSSL libraries to version 1.0.1j or 0.9.8zc to address multiple security issues. 5. Update ESXi libxml2 Package - Update libxml2 library to version 2-2.7.6-17 to address security issues. Vulnerability Remediation Provides remediation versions and patch links for multiple products, including Workstation, Player, Fusion, vCenter Server, and ESXi across different versions. References Links to detailed CVE information. Contact Information Lists VMware’s security advisory mailing list, official email address, and policy links.

Goal Reached Thanks to every supporter — we hit 100%!

VMware vCenter/ESXi/Workstation Security Advisory: Multiple CVEs (Privilege Escalation, DoS, OpenSSL)