VMware Family February 2024 Round 1 Security Update Advisory

Overview

 

VMware(https://www.vmware.com) has released a security update that addresses vulnerabilities in products it has been made. Users of affected products are encouraged to update to the latest version.

 

Affected Products

 

VMware VMware Enhanced Authentication Plug-in (EAP) Any version

 

Resolved Vulnerabilities

 

Arbitrary Authentication Relay and Session Hijacking Vulnerability in VMware Enhanced Authentication Plug-in (EAP).(CVE-2024-22245)

Session Hijacking Vulnerability in VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22250)

 

 

Vulnerability Patches

 

The following product-specific vulnerability patches were made available in the 02/20/2024 update

VMware VMware Enhanced Authentication Plug-in (EAP) KB96442 Version [2]

 

Referenced Sites

 

[1] Addressing Arbitrary Authentication Relay and Session Hijack Vulnerabilities in Deprecated VMware Enhanced Authentication Plug-in (EAP) (CVE-2024-22245, CVE-2024-22250)

Https://www.vmware.com/security/advisories/VMSA-2024-0003.html

[2] https://kb.vmware.com/s/article/96442