Many Vulnerabilities has been patched in Vmware, could allow an attacker to exploit all system

Affected product:

VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation

Multiple vulnerabilities in VMware ESXi, Workstation and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
Saturday, November 21, 2020, 10:22 GMT

There is a privilege-escalation flaw in VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) that occurs in the way certain device calls are handled.

A malicious agent with privileges will escalate their privileges on the affected device inside the VMX mechanism only.

Only when chained with another flaw (e.g. CVE-2020-4004) is effective exploitation of this problem feasible.

Solution:

Update Vmware to lastest versions, and scan your system

References

VMware ESXi 7.0 ESXi70U1b-17168206
Downloads and Documentation:
my.vmware.com/group/vmware/patch
docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u1b.html

VMware ESXi 6.7 ESXi670-202011101-SG
Downloads and Documentation:
my.vmware.com/group/vmware/patch
docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202011002.html

VMware ESXi 6.5 ESXi650-202011301-SG
Downloads and Documentation:
my.vmware.com/group/vmware/patch
docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202011002.html

VMware Workstation Pro 15.5.7
Downloads and Documentation:
www.vmware.com/go/downloadworkstation
docs.vmware.com/en/VMware-Workstation-Pro/index.html

VMware Workstation Player 15.5.7
Downloads and Documentation:
www.vmware.com/go/downloadplayer
docs.vmware.com/en/VMware-Workstation-Player/index.html

VMware Fusion 11.5.7
Downloads and Documentation:
www.vmware.com/go/downloadfusion
docs.vmware.com/en/VMware-Fusion/index.html

Mitre CVE Dictionary Links:
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4004
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4005

FIRST CVSSv3 Calculator:
CVE-2020-4004 – www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2020-4005 – 
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H