VMWare Critical Security Updates - 20221214001

Overview

VMware has released security updates to address multiple vulnerabilities in multiple products. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

What is the threat?

VMWare have confirmed forms of compromise include:

• Command injection
• Directory traversal
• Heap out-of-bounds write

What is the vulnerability?

The WA SOC encourages agencies to review the following VMware Security Advisories and apply the necessary updates:

1. VMSA-2022-0031

2. VMware vRealize Network Insight (vRNI)

3. VMSA-2022-0033

4. VMware ESXi

5. VMware Workstation Pro / Player (Workstation)
6. VMware Fusion Pro / Fusion (Fusion)
7. VMware Cloud Foundation

What has been observed ?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Reference

• VMWare Security Advisories: https://www.vmware.com/security/advisories.html