overview

VMware has released critical updates addressing four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) across its product range. These vulnerabilities could potentially allow attackers to escape the sandbox and execute code on a host machine.  

CVE-2024-22252 (CVSS 9.3) and CVE-2024-22253 (CVSS 9.3) are use-after-free vulnerabilities affecting VMware ESXi, Workstation, and Fusion, specifically in the XHCI and UHCI USB controllers. Exploitation of these flaws could lead to code execution, with potential impacts on both virtual machines and host systems. 

Additionally, CVE-2024-22254 (CVSS 7.9), an out-of-bounds write vulnerability in VMware ESXi, could allow attackers to escape the sandbox.  

Lastly, CVE-2024-22255 (CVSS 7.1), an information disclosure vulnerability in the UHCI USB controller, could be exploited by attackers with administrative access to virtual machines to leak memory from the vmx process. Although there are no reports of the vulnerabilities being exploited in the wild, the potential for exploitation is still high. Avertium recommends applying the necessary updates as soon as possible.  

 

 

avertium's recommendationS

  • Users should immediately apply the patches provided by VMware to remediate the identified vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) across affected VMware products, including ESXi, Workstation, Fusion, and Cloud Foundation. Patches have been provided for the following:  
    • ESXi v7.0 
    • ESXi v8.0 
    • Workstation v17.x 
    • Fusion v13.x (macOS) 
    • Cloud Foundation (VCF) v5.x/4.x 
    • ESXi 6.7 (6.7U3u) – end-of-life version 
    • 6.5 (6.5U3v) – end-of-life version  
    • VCF 3.x. – end-of-life version  
  • VMware has provided detailed instructions for remediation and workarounds in their security advisory (VMSA-2024-0006.1). 
  • Restrict administrative privileges on virtual machines to minimize the potential impact of exploitation.

 

 

INDICATORS OF COMPROMISE (IoCs)

At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.   

 

 

How Avertium is Protecting Our CUSTOMERS

  • Fusion MXDRis the first MDR offering that fuse together all aspects of security operations into a living, breathing, threat-resistant XDR solution. By fusing insights from threat intelligence, security assessments, and vulnerability management into our MDR approach, Fusion MXDR offers a more informed, robust, and cost-effective approach to cybersecurity – one that is greater than the sum of its parts. 
  • We highly value your feedback. Kindly spare a moment to complete our feedback form, allowing us to enhance our services for our valued customers. 





 

SUPPORTING DOCUMENTATION

VMSA-2024-0006.1 (vmware.com) 

 
Chat With One of Our Experts



VMWare vulnerability Flash Notice VMware Critical Vulnerability Blog