overview
VMware has released critical updates addressing four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) across its product range. These vulnerabilities could potentially allow attackers to escape the sandbox and execute code on a host machine.
CVE-2024-22252 (CVSS 9.3) and CVE-2024-22253 (CVSS 9.3) are use-after-free vulnerabilities affecting VMware ESXi, Workstation, and Fusion, specifically in the XHCI and UHCI USB controllers. Exploitation of these flaws could lead to code execution, with potential impacts on both virtual machines and host systems.
Additionally, CVE-2024-22254 (CVSS 7.9), an out-of-bounds write vulnerability in VMware ESXi, could allow attackers to escape the sandbox.
Lastly, CVE-2024-22255 (CVSS 7.1), an information disclosure vulnerability in the UHCI USB controller, could be exploited by attackers with administrative access to virtual machines to leak memory from the vmx process. Although there are no reports of the vulnerabilities being exploited in the wild, the potential for exploitation is still high. Avertium recommends applying the necessary updates as soon as possible.
INDICATORS OF COMPROMISE (IoCs)
At this time, there are no known IoCs associated with the above vulnerabilities. Avertium remains vigilant in locating IoCs for our customers. Should any be located, Avertium will disclose them as soon as possible. For more information on how Avertium can help protect your organization, please reach out to your Avertium Service Delivery Manager or Account Executive.
SUPPORTING DOCUMENTATION