Security Threat | VMware Virtual Appliances OS

Subscribe to the blog to receive the latest articles

VMware has announced this security advisory on 29/11/2018.

Advisory ID: VMSA-2018-0021

Severity: Moderate

CVENUmber : CVE-2018-3620

Symptoms: OS vulnerability in VMware Virtual Appliances.

Affected products:

vCloud Usage Meter (UM)
Identity Manager (vIDM)
vCenter Server Appliance (vCSA)
vSphere Data Protection (VDP)
vSphere Integrated Containers (VIC)
vRealize Automation (vRA)

Problem Description:

VMware Virtual Appliance Mitigations address L1 Terminal Fault – OS vulnerability. Successful exploitation of this issue may lead to local information disclosure of sensitive information. Unaffected products lines are documented in KB55807.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2018-3620 to this issue.

Solution

Apply the relevant patch to the product you have.

Download links

vCenter Server Appliance 6.7u1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VC67U1&productId=742&rPId=28531

vCenter Server Appliance 6.5u2d
Downloads and Documentation:
https://my.vmware.com/group/vmware/details?productId=614&rPId=28806&downloadGroup=VC65U2D

vSphere Integrated Containers 1.4.3
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?productId=749&rPId=27736&downloadGroup=VIC143

vRealize Automation 7.5.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VRA-750&productId=797&rPId=26779

For more information visit the advisory VMSA-2018-0021 page.