Subscribe to the blog to receive the latest articles
VMware has announced this security advisory on 29/11/2018.
Advisory ID: VMSA-2018-0021
Severity: Moderate
CVENUmber : CVE-2018-3620
Symptoms: OS vulnerability in VMware Virtual Appliances.
Affected products:
- vCloud Usage Meter (UM)
- Identity Manager (vIDM)
- vCenter Server Appliance (vCSA)
- vSphere Data Protection (VDP)
- vSphere Integrated Containers (VIC)
- vRealize Automation (vRA)
Problem Description:
VMware Virtual Appliance Mitigations address L1 Terminal Fault – OS vulnerability. Successful exploitation of this issue may lead to local information disclosure of sensitive information. Unaffected products lines are documented in KB55807.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3620 to this issue.
Solution
Apply the relevant patch to the product you have.
Download links
vCenter Server Appliance 6.7u1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VC67U1&productId=742&rPId=28531
vCenter Server Appliance 6.5u2d
Downloads and Documentation:
https://my.vmware.com/group/vmware/details?productId=614&rPId=28806&downloadGroup=VC65U2D
vSphere Integrated Containers 1.4.3
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=749&rPId=27736&downloadGroup=VIC143
vRealize Automation 7.5.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VRA-750&productId=797&rPId=26779
For more information visit the advisory VMSA-2018-0021 page.
Leave a Reply