March 13, 2024
Several critical vulnerabilities affecting VMware ESXi, Workstation Pro & Player, and Fusion products have been detected and identified as: CVE-2024-22252, CVE-2024-22253 – Information Disclosure and Privilege Escalation; CVE-2024-22254 – Out-of-Bounds Write Vulnerability; CVE-2024-22255 – Information Disclosure.
The identified vulnerabilities could allow unauthorized parties and attackers to gain elevated privileged access, including root and administrator access, to a guest operating system. This access could then be used to reach the underlying hypervisor host machine, network, and memory. Due to the nature of our systems, this advisory focuses specifically on ESXi systems.
Considering the potential impact on our customers’ environments, Montelektro will continue to monitor security advisories published by the vendors regarding the components used in our IT infrastructure and PCS solutions.
We therefore strongly advise our customers to review the attached document carefully and take the necessary actions. Customers whose systems are affected are kindly asked to promptly consider applying patches to mitigate the risks associated with these vulnerabilities.
The complete security advisory can be found at the following link:
KB1011 – VMSA-2024-0006.1 Multiple vulnerabilities in VMware ESXi, Workstation and Fusion.pdf