High Threat Security Alert (A24-03-04): Multiple Vulnerabilities in VMware Products


 

Published on: 06 March 2024

  
  

Description:

VMware has published a security advisory to address multiple vulnerabilities in VMware products. The details of patches can be found at:
https://www.vmware.com/security/advisories/VMSA-2024-0006.html

Reports indicate that multiple arbitrary code execution vulnerabilities (CVE-2024-22252 and CVE-2024-22253) in VMware ESXi, Fusion and Workstation are at high risk of exploitation. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks

 

Affected Systems:

  • VMware Cloud Foundation
  • VMware ESXi
  • VMware Fusion Pro / Fusion
  • VMware Workstation Pro / Player

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation could lead to arbitrary code execution, information disclosure, security restriction bypass or tampering on the affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.vmware.com/security/advisories/VMSA-2024-0006.html
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22252 (to CVE-2024-22255)


Tag: VMware , VMware Cloud Foundation , ESXi , VMware Fusion , VMware Workstation
Tags