{"id":33460,"date":"2024-03-12T06:18:55","date_gmt":"2024-03-12T05:18:55","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=33460"},"modified":"2024-03-12T06:19:02","modified_gmt":"2024-03-12T05:19:02","slug":"critical-vulnerabilities-in-vmware-products-march-5-2024","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/03\/12\/critical-vulnerabilities-in-vmware-products-march-5-2024\/","title":{"rendered":"Critical vulnerabilities in VMware products (March 5, 2024)"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" width=\"200\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2024\/03\/10\/kritische-schwachstellen-in-vmware-produkten\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]A short addendum from last week. I recently reported on updates to VMware products. VMware has now classified certain vulnerabilities in its virtualization products as critical in a security advisory. It should therefore be patched quickly, if not already done. Addendum: I have just seen that around 1,800 VMware ESXi installations in Germany are potentially affected.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/vg08.met.vgwort.de\/na\/53fad9ced55549d9a4676a2bf17c8d4b\" alt=\"\" width=\"1\" height=\"1\" \/>In my German blog post <a href=\"https:\/\/www.borncity.com\/blog\/2024\/03\/04\/vmware-produktportfolio-interna-der-lizenzierung-und-lenovo-ist-seit-27-feb-2024-raus\/\" target=\"_blank\" rel=\"noopener\">VMware Produktportfolio: Interna der Lizenzierung; und Lenovo ist seit 27. Feb. 2024 raus<\/a> I reported on updates to VMware Workstation and Player to version 17.5.1. VMware had published the <a href=\"https:\/\/docs.vmware.com\/en\/VMware-Workstation-Player\/17.5.1\/rn\/vmware-workstation-1751-player-release-notes\/index.html\" target=\"_blank\" rel=\"noopener\">release notes<\/a> here. A German blog reader pointed out the VMware Security Advisory <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2024-0006.html\" target=\"_blank\" rel=\"noopener\">2024-0006<\/a>. An update from March 5, 2024 deals with the vulnerabilities CVE-2024-22252, CVE-2024-22253, CVE-2024-22254 and CVE-2024-22255. VMware has released security updates to close these vulnerabilities in VMware ESXi, Workstation and Fusion.<\/p>\n<p>While <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2024-0005.html\" target=\"_blank\" rel=\"noopener\">CVE-2024-22251<\/a> quoted first as \"moderate\", it's now classified as \"critical\". There are now four new severe or critical CVEs: 22252, 22253, 22254, 22255 for the following VMware products:<\/p>\n<blockquote><p>ESXi, Workstation Pro\/Player, Fusion\/Pro, Cloud Foundation<\/p><\/blockquote>\n<p>und folgende Schwachstellen:<\/p>\n<ul>\n<li>Use-after-free XHCI USB controller (CVE-2024-22252)<\/li>\n<li>Use-after-free UHCI USB controller (CVE-2024-22253)<\/li>\n<li>ESXi Out-of-bounds write (CVE-2024-22254)<\/li>\n<li>Information disclosure UHCI USB controller (CVE-2024-22255)<\/li>\n<\/ul>\n<p>The vulnerability CVE-2024-22254 (Out-of-bounds write) in ESXi server allows an attacker with VMX process privileges to write outside the specified memory area (bounds), which can lead to a breakout from the sandbox.<\/p>\n<p>All ESXi versions of 6.5, 6.7, 7.0, 8.0 ; Workstation 17.x ; Fusion 13.x and VCF 3.x are affected. The colleagues from Bleeping Computer had also reported\u00a0<a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/vmware-fixes-critical-sandbox-escape-flaws-in-esxi-workstation-and-fusion\/\" target=\"_blank\" rel=\"noopener\">here<\/a> about that (I was off road and could not post that).<\/p>\n<h2>Vulnerability CVE-2024-22252 affects systems<\/h2>\n<p>ShadowServer has published statistics on ESXi systems that are vulnerable to the CVE-2024-22252 vulnerability. The <a href=\"https:\/\/twitter.com\/Shadowserver\/status\/1767031207534252200\" target=\"_blank\" rel=\"noopener\">tweet<\/a> reads:<\/p>\n<blockquote><p><span class=\"css-1qaijid r-bcqeeo r-qvutc0 r-poiln3\">We are scanning &amp; sharing VMware ESXi instances which have vulnerabilities that could allow a malicious actor with local admin privileges to escape sandbox protections &#8211; <\/span><a class=\"css-1qaijid r-bcqeeo r-qvutc0 r-poiln3 r-1loqt21\" dir=\"ltr\" role=\"link\" href=\"https:\/\/t.co\/RCSKJLXDHX\" target=\"_blank\" rel=\"noopener noreferrer nofollow\"><span class=\"css-1qaijid r-bcqeeo r-qvutc0 r-poiln3 r-qlhcfr r-qvk6io\" aria-hidden=\"true\">https:\/\/<\/span>vmware.com\/security\/advis<span class=\"css-1qaijid r-bcqeeo r-qvutc0 r-poiln3 r-qlhcfr r-qvk6io\" aria-hidden=\"true\">ories\/VMSA-2024-0006.html<\/span><span class=\"css-1qaijid r-bcqeeo r-qvutc0 r-poiln3 r-lrvibr\" aria-hidden=\"true\">\u2026<\/span><\/a><span class=\"css-1qaijid r-bcqeeo r-qvutc0 r-poiln3\"> Tagged as \"cve-2024-22252\". Based on version checks, we see ~16.5K vulnerable.<\/span><\/p><\/blockquote>\n<p>In the USA are about 1,022 VMware ESXi systems <a href=\"https:\/\/dashboard.shadowserver.org\/statistics\/combined\/map\/?map_type=std&amp;day=2024-03-09&amp;source=http_vulnerable&amp;source=http_vulnerable6&amp;tag=cve-2024-22252%2B&amp;geo=all&amp;data_set=count&amp;scale=log\" target=\"_blank\" rel=\"noopener\">potentially affected<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A short addendum from last week. I recently reported on updates to VMware products. VMware has now classified certain vulnerabilities in its virtualization products as critical in a security advisory. It should therefore be patched quickly, if not already done. &hellip; <a href=\"https:\/\/borncity.com\/win\/2024\/03\/12\/critical-vulnerabilities-in-vmware-products-march-5-2024\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22,1218],"tags":[69,195,1710],"class_list":["post-33460","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","category-virtualization","tag-security","tag-update","tag-vmware"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/33460","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=33460"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/33460\/revisions"}],"predecessor-version":[{"id":33461,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/33460\/revisions\/33461"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=33460"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=33460"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=33460"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}