VMware Family Security Update Advisory (CVE-2024-22273, CVE-2024-22274)
Overview
An update has been made available to fix vulnerabilities in the VMware family of products. Users of affected versions are advised to update to the latest version.
Affected Products
CVE-2024-22273
- VMware ESXi version: 7.0
- VMware ESXi version: 8.0
- VMware Workstation version: 17.X
- VMware Fusion version: 13.X
CVE-2024-22274
- VMware vCenter Server version: 8.0
- VMware vCenter Server version: 7.0
- VMware Cloud Foundation version: 5.X
- VMware Cloud Foundation version: 4.X
Resolved Vulnerabilities
A vulnerability in the storage controllers of VMware ESXi, Workstation, and Fusion that allows malicious users to execute arbitrary code on the hypervisor or cause denial of service via out-of-bounds read/write operations within virtual machines (CVE-2024-22273)
A remote code execution vulnerability that could allow malicious actors with administrator privileges on the vCenter appliance shell to execute arbitrary commands on the underlying operating system (CVE-2024-22274)
Vulnerability Patches
Patches for these vulnerabilities are available in the latest updates. Please follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-22273
- Update based on Patch Download and Installation from Referenced Sites [2]
- Update based on Patch Download and Installation from Referenced Sites [3]
- VMware Workstation Version: 17.5.1
- VMware Fusion Version: 13.5.1
CVE-2024-22274
- VMware vCenter Server Version: 8.0 U2b
- VMware vCenter Server Version: 7.0 U3q
- VMware Cloud Foundation Version: 5.1.1
- Updates based on Referenced Sites [5]
Referenced Sites
[1] CVE-2024-22273 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-22273
[2] VMware ESXi 7.0 Update 3q Release Notes
[3] VMware ESXi 8.0 Update 2b Release Notes
https://docs.vmware.com/en/VMware-vSphere/8.0/rn/vsphere-esxi-80u2b-release-notes/index.html
[4] CVE-2024-22274 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-22274
[5] Applying individual product updates to VMware Cloud Foundation environments using Async Patch Tool (AP Tool)
https://knowledge.broadcom.com/external/article?legacyId=88287