# VMware's Service Provider Portal - Critical Bug



## HanaBi (Apr 1, 2019)

Just an advisory for anyone running their own virtualization arena (myself included) via VMWare, and in particular their ESXi, Workstation and Fusion platforms . There is a vulnerability in their software that could be exploited through the Tenant or Provider Portals by impersonating a currently logged in session.

VMWare warned - "Exploitation of these issues requires an attacker to have access to a virtual machine with a virtual USB controller present. These issues may allow a guest to execute code on the host." 

Patches are available from the link below



VMSA-2019-0004


----------

