Many Vulnerabilities has been patched in Vmware, could allow an attacker to exploit all system

Affected product:

VMware ESXi
VMware Workstation Pro / Player (Workstation)
VMware Fusion Pro / Fusion (Fusion)
VMware Cloud Foundation

Multiple vulnerabilities in VMware ESXi, Workstation and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
Saturday, November 21, 2020, 10:22 GMT

There is a privilege-escalation flaw in VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) that occurs in the way certain device calls are handled.

A malicious agent with privileges will escalate their privileges on the affected device inside the VMX mechanism only.

Only when chained with another flaw (e.g. CVE-2020-4004) is effective exploitation of this problem feasible.


Update Vmware to lastest versions, and scan your system


VMware ESXi 7.0 ESXi70U1b-17168206
Downloads and Documentation:

VMware ESXi 6.7 ESXi670-202011101-SG
Downloads and Documentation:

VMware ESXi 6.5 ESXi650-202011301-SG
Downloads and Documentation:

VMware Workstation Pro 15.5.7
Downloads and Documentation:

VMware Workstation Player 15.5.7
Downloads and Documentation:

VMware Fusion 11.5.7
Downloads and Documentation:

Mitre CVE Dictionary Links:

FIRST CVSSv3 Calculator:
CVE-2020-4004 –
CVE-2020-4005 –