The command injection vulnerability has a CVSS score of 9.1 out of 10. It’s unclear if the vulnerability is under active attack. The vulnerability was discovered by Qihoo 360 Vulcan Team at the 2020 Tianfu Cup Pwn Contest held earlier this month. The company said patches for the flaw are “forthcoming,” it didn’t specify an exact date by when it’s expected to be released. The workaround applies only to the administrative configurator service hosted on port 8443.
Source: https://thehackernews.com/2020/11/critical-unpatched-vmware-flaw-affects.html