For a long time, many security experts have said that it might be possible to reach the ESXi shell from inside a VM, but no one had been able to demonstrate it. That time is over.
At "GeekPwn2018", Zhangyanyu from ChaitinTech demonstrated this critical vulnerability.
He showed how it is done; here is a quick video from Julien Mousqueton's channel:
He used uninitialized stack memory in vmxnet3 to place code and execute it on the host. If you are using E1000, you are not affected by this issue.
If you need further details on this, you may check the official communication from VMware:
To fix this vulnerability, you need to install the ESXi670-201811401-BG patch.
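Because the issue is tied to the vmxnet3 adapter, it helps to know which VMs use it while the patch is being rolled out. The script below is an added example, not code from VMware or from the original post: it parses the text of a `.vmx` file and lists the adapters that are present with type vmxnet3. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Matches .vmx lines such as: ethernet0.virtualDev = "vmxnet3"
_LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)


def parse_adapters(vmx_text):
    """Return {adapter: {'present': bool, 'type': str}} from .vmx text."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # not an ethernetN.<key> line
        name, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
        entry = adapters.setdefault(name, {"present": False, "type": "unspecified"})
        if key == "present":
            entry["present"] = value.strip().upper() == "TRUE"
        elif key == "virtualdev":
            entry["type"] = value.strip().lower()
    return adapters


def vmxnet3_adapters(vmx_text):
    """Names of present adapters whose device type is vmxnet3."""
    return sorted(name for name, a in parse_adapters(vmx_text).items()
                  if a["present"] and a["type"] == "vmxnet3")


# Constructed sample .vmx content (not taken from a real VM).
SAMPLE_VMX = '''\
displayName = "app01"
ethernet0.present = "TRUE"
ethernet0.virtualDev = "vmxnet3"
ethernet0.networkName = "VM Network"
ethernet1.present = "TRUE"
ethernet1.virtualDev = "e1000"
ethernet2.present = "FALSE"
ethernet2.virtualDev = "vmxnet3"
ethernet3.present = "TRUE"
'''

if __name__ == "__main__":
    for name, info in sorted(parse_adapters(SAMPLE_VMX).items()):
        flag = "REVIEW" if info["present"] and info["type"] == "vmxnet3" else "-"
        print(f"{name}: present={info['present']} type={info['type']} {flag}")
```

An adapter with no `virtualDev` line is reported as `unspecified` rather than guessed, so check those VMs by hand.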