- 157/2024
- High
VMware has released a security update to address several vulnerabilities across multiple VMware products.
The addressed vulnerabilities could allow the attacker to obtain sensitive information, cause out-of-bounds read/write flaws, or execute arbitrary code and gain access to the affected system by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. VMware ESXi, Workstation, Fusion, and Cloud Foundation Code Execution Vulnerability (CVE-2024-22273):
- CVSS: 8.1
- Attack Vector: Local
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. VMware vCenter Server and Cloud Foundation Command Execution Vulnerability (CVE-2024-22274):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Affected products:
- VMware ESXi.
- VMware vCenter Server (vCenter Server).
- VMware Cloud Foundation (Cloud Foundation).
- VMware Workstation Pro / Player (Workstation).
- VMware Fusion.
Vulnerabilities
- CVE-2024-22273
- CVE-2024-22274
- CVE-2024-22275
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.