Critical VMware Vulnerabilities Let Attackers Execute Code & Trigger DoS

VMware, now part of Broadcom, has issued patches for several vulnerabilities rated Important and Moderate affecting its ESXi, Workstation, Fusion, vCenter Server, and Cloud Foundation products.

If exploited, the most severe of these could allow an attacker who already controls a virtual machine to execute code on the hypervisor hosting it. That is a virtual machine escape, and it breaks the isolation boundary that multi-tenant and enterprise virtualization deployments depend on.

Out-of-Bounds Read/Write Vulnerability (CVE-2024-22273)

The most severe issue is an out-of-bounds read/write vulnerability in the virtual storage controllers of VMware ESXi, Workstation, and Fusion.

VMware rates this issue in the Important severity range with a maximum CVSSv3 base score of 8.1.

A malicious actor with access to a virtual machine that has a storage controller enabled may exploit this issue to cause a denial of service condition or, in conjunction with other issues, to execute code on the hypervisor from within the guest.
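The advisory does not publish the mechanics of CVE-2024-22273, so the following is an added, illustrative model of the vulnerability class rather than VMware's code or the real bug: a toy emulated storage controller whose guest-facing descriptor ring sits in the same register space as a host-private control word. The register layout, the descriptor sizes and the off-by-one bound check are all assumptions for this example. It shows why an out-of-bounds write in a device-emulation handler matters: the guest selects a slot index, the check is wrong by one, and the guest's bytes land on host state adjacent to the ring, which is exactly the kind of corruption that yields a hypervisor crash (denial of service) or, chained with other bugs, code execution on the host.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Illustrative model only (assumed layout, not VMware's code):
 * a toy storage controller whose register space is a flat 256-byte array.
 * Offsets 0..127 hold a ring of 8 guest-writable 16-byte descriptors;
 * offset 128 holds a host-private control word the guest must never touch.
 */
#define NUM_DESC      8
#define DESC_SIZE     16
#define DESC_BASE     0
#define CTRL_OFFSET   (DESC_BASE + NUM_DESC * DESC_SIZE)   /* = 128 */
#define REGSPACE_SIZE 256
#define CTRL_SENTINEL 0x5afe0000u

struct controller {
    uint8_t regs[REGSPACE_SIZE];
};

/* Read the host-private control word. */
static uint32_t ctrl_word(const struct controller *c)
{
    uint32_t v;
    memcpy(&v, &c->regs[CTRL_OFFSET], sizeof v);
    return v;
}

/* Zero the register space and plant a known value in the control word. */
static void reset_controller(struct controller *c)
{
    uint32_t sentinel = CTRL_SENTINEL;
    memset(c->regs, 0, sizeof c->regs);
    memcpy(&c->regs[CTRL_OFFSET], &sentinel, sizeof sentinel);
}

/*
 * Vulnerable handler: the guest picks a descriptor slot and supplies 16 bytes.
 * The bound check uses '>' instead of '>=', so idx == NUM_DESC is accepted and
 * the copy lands on the control word at offset 128 instead of on a descriptor.
 * (The write stays inside regs[], so this demo itself is well-defined C.)
 */
int vuln_write_desc(struct controller *c, uint32_t idx, const uint8_t *desc)
{
    if (idx > NUM_DESC)                 /* BUG: off by one */
        return -1;
    memcpy(&c->regs[DESC_BASE + idx * DESC_SIZE], desc, DESC_SIZE);
    return 0;
}

/* Hardened handler: reject idx >= NUM_DESC before any offset arithmetic. */
int safe_write_desc(struct controller *c, uint32_t idx, const uint8_t *desc)
{
    if (idx >= NUM_DESC)
        return -1;
    memcpy(&c->regs[DESC_BASE + idx * DESC_SIZE], desc, DESC_SIZE);
    return 0;
}

/*
 * Run one guest-controlled write through the given handler on a fresh
 * controller and return the control word afterwards. An intact sentinel
 * means host state survived; 0x41414141 means the guest overwrote it.
 */
uint32_t ctrl_after_write(int (*handler)(struct controller *, uint32_t, const uint8_t *),
                          uint32_t idx)
{
    struct controller c;
    uint8_t guest_desc[DESC_SIZE];

    reset_controller(&c);
    memset(guest_desc, 0x41, sizeof guest_desc);   /* constructed guest-chosen bytes */
    handler(&c, idx, guest_desc);
    return ctrl_word(&c);
}

int main(void)
{
    printf("vulnerable handler, idx=%d: control word = 0x%08x\n",
           NUM_DESC, ctrl_after_write(vuln_write_desc, NUM_DESC));
    printf("hardened handler,   idx=%d: control word = 0x%08x\n",
           NUM_DESC, ctrl_after_write(safe_write_desc, NUM_DESC));
    return 0;
}
```

The fix is the usual one for this class: validate every guest-supplied index or length against the real size of the structure it addresses, using `>=` against the element count, before computing any pointer or offset from it. In a real hypervisor the "control word" would be a host pointer, a DMA length or a state-machine field, which is why the advisory pairs denial of service with code execution "in conjunction with other issues".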

VMware vCenter Server Remote Code Execution Vulnerability (CVE-2024-22274)

Another significant vulnerability is an authenticated remote code execution issue in VMware vCenter Server, rated with a maximum CVSSv3 base score of 7.2, which places it in the Important severity range.

A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

VMware vCenter Server Partial File Read Vulnerability (CVE-2024-22275)

VMware vCenter Server is also affected by a partial file read vulnerability, rated in the Moderate severity range with a maximum CVSSv3 base score of 4.9.

A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

Recommendations and Mitigations

Broadcom strongly recommends that all affected users apply the patches listed in the security advisory for these issues (VMSA-2024-0011). The advisory page provides the fixed versions, links to the patches, and additional documentation for each affected product.

Organizations are advised to review their security posture and ensure that all VMware products are updated to the latest versions to protect against potential exploitation.

In environments where immediate patching is not feasible, any workaround should be taken from the advisory itself. Note that the component affected by CVE-2024-22273 is the virtual storage controller; the removal of USB controllers from virtual machines, sometimes cited alongside this advisory, was the workaround for an earlier ESXi advisory and does not address the storage-controller issue. Workarounds that remove or disable virtual devices may impact functionality and are not long-term solutions.

The practical lesson is the usual one for hypervisor-level flaws: track the advisory, patch ESXi hosts and vCenter appliances promptly, and keep administrative access to the vCenter appliance shell restricted to the smallest possible set of operators, since two of the three issues require that privilege to exploit.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.