- 283/2024
- Medium
VMware has released a security update to address several vulnerabilities across multiple VMware products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges (obtain permissions from a separate group role than previously assigned), perform spoofing attacks, or execute arbitrary code by crafting malicious payloads on the operating system as root.
Sample of the addressed vulnerabilities:
1. Broadcom VMware NSX Local Privilege Escalation (CVE-2024-38818):
- CVSS: 6.7
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Privileges
2. Broadcom VMware NSX Code Execution Vulnerability (CVE-2024-38817):
- CVSS: 6.7
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
Affected products:
- VMware NSX.
- VMware Cloud Foundation.
Vulnerabilities
- CVE-2024-38815
- CVE-2024-38817
- CVE-2024-38818
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.