VMware Releases Security Advisory for Multiple Products - 20240307002

Overview

VMware released a security advisory to address multiple vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.

What is vulnerable?

Product(s) Affected	Severity	Version	CVEs	CVSS	Dated
VMware ESXi	Critical	7.0, 8.0	- CVE-2024-22252 - CVE-2024-22253 -CVE-2024-22254 - CVE-2024-22255	-Vmware 9.3 -Vmware 9.3 -Vmware 7.9 -Vmware 7.1	5 Mar, 2024
VMware Workstation Pro / Player (Workstation)	Critical	17.x	- CVE-2024-22252 - CVE-2024-22253 - CVE-2024-22255	-Vmware 9.3 -Vmware 9.3 -Vmware 7.1	5 Mar, 2024
VMware Fusion Pro / Fusion (Fusion)	Critical	13.x	- CVE-2024-22252 - CVE-2024-22253 -CVE-2024-22255	-Vmware 9.3 -Vmware 9.3 -Vmware 7.1	5 Mar, 2024
VMware Cloud Foundation (Cloud Foundation)	Critical	5.x/4.x	- CVE-2024-22252 - CVE-2024-22253 - CVE-2024-22254 - CVE-2024-22255	-Vmware 9.3 -Vmware 9.3 -Vmware 7.9 -Vmware 7.1	5 Mar, 2024

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe (refer Patch Management):

• VMware advisory VMSA-2024-0006.1

Additional References

• CISA - VMware Releases Security Advisory for Multiple Products