- 144/2024
- Critical
VMware has released a security update to address multiple vulnerabilities in VMware Workstation and Fusion.
The addressed vulnerabilities could allow the attacker to overflow a buffer, obtain sensitive information, or execute arbitrary code and gain access to the affected system.
Sample of the addressed vulnerabilities:
1. VMware Workstation and Fusion Vbluetooth Code Execution (CVE-2024-22267):
- CVSS: 9.3
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. VMware Workstation and Fusion Information Disclosure (CVE-2024-22269):
- CVSS: 7.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
It should be highlighted that VMware is aware that the three zero-day vulnerabilities have been exploited during the Pwn2Own Vancouver 2024 hacking contest.
Vulnerabilities
- CVE-2024-22267
- CVE-2024-22268
- CVE-2024-22269
- CVE-2024-22270
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.