January 17, 2021

SpywareNews.com

Public ICS Disclosures – Week of 11-21-20

We have one vendor disclosure from VMware. There is also an
exploit report for products from Ruckus Wireless.

VMware Advisory

VMware published an advisory describing two vulnerabilities in its ESXi, Workstation and Fusion products. The vulnerabilities were reported by Xiao Wei and Tianwen Tang (VictorV) of Qihoo 360 Vulcan Team. VMware has new versions that mitigate the vulnerabilities. There is no indication that the researchers have been provided an opportunity to verify the efficacy of the fix.

The two reported vulnerabilities are:

• Use-after-free – CVE-2020-4004, and

• Elevation of privilege – CVE-2020-4005

NOTE: These vulnerabilities were discovered as part of the 2020
Tianfu Cup Pwn Contest.

Ruckus Exploit

Juan Manuel Fernandez published an exploit for a vulnerability in the Ruckus IoT Controller (vRIoT). The vulnerability was reported earlier by Adepts of 0xCC and addressed by Ruckus.