
Cybersecurity Threat Advisory

VMware has released updates (advisory VMSA-2024-0006) addressing four security flaws in ESXi, Workstation, and Fusion. Two of the four, CVE-2024-22252 and CVE-2024-22253, are rated critical, with CVSS scores of 9.3 for Workstation/Fusion and 8.4 for ESXi. This Cybersecurity Threat Advisory explains the risks and the steps that limit exposure.

What is the threat?

The vulnerabilities in VMware's ESXi, Workstation, and Fusion matter because they allow an attacker who already controls a guest virtual machine to break out of the VM's sandbox: code running inside the guest could execute in the VMX process on the host or leak memory from it. Four CVEs are covered, rated important to critical, with CVSS v3 scores ranging from 7.1 to 9.3. Three of the four sit in the virtual USB controllers that are attached to a VM by default.

  1. CVE-2024-22252 and CVE-2024-22253:
    • Flaw Type: Use-after-free in the XHCI USB controller (CVE-2024-22252) and the UHCI USB controller (CVE-2024-22253).
    • Affected Systems: Workstation, Fusion, and ESXi.
    • Risk: Requires local administrative privileges inside a virtual machine. A successful exploit runs code as the VM's VMX process on the host. On ESXi, that execution is contained within the VMX sandbox; on Workstation and Fusion, it can lead to code execution on the machine where Workstation or Fusion is installed. CVSS 9.3 (Workstation/Fusion), 8.4 (ESXi).
  2. CVE-2024-22254:
    • Flaw Type: Out-of-bounds write in ESXi.
    • Risk: Allows an attacker who already has privileges within the VMX process to write beyond the designated memory area, which can lead to an escape of the sandbox. Chained after one of the USB controller flaws, this is what turns a contained VMX compromise on ESXi into a host compromise. CVSS 7.9.
  3. CVE-2024-22255:
    • Flaw Type: Information disclosure in the UHCI USB controller.
    • Affected Systems: ESXi, Workstation, and Fusion.
    • Risk: Allows a malicious actor with administrative access to a virtual machine to leak memory from the VMX process, which is useful for defeating memory-layout randomization before exploiting the use-after-free bugs. CVSS 7.1.

Why is it noteworthy?

These vulnerabilities are significant because the security of a virtualized environment rests on the boundary between guests and the hypervisor. A successful VM escape lets an attacker who has compromised one tenant or one workload reach the host and, from there, every other VM it runs. Given VMware's prevalence in data centers and on analyst and developer workstations, the impact could be far-reaching.

What is the exposure or risk?

Organizations running VMware's ESXi, Workstation, and Fusion are exposed wherever an attacker can obtain administrative access inside a guest, for example through a compromised application server, a shared lab or sandbox VM, or a malware-analysis VM that is deliberately used to run hostile code. In those cases the guest is not a trust boundary the organization can rely on until the patch or the workaround (removing USB controllers from the VM) is applied, and the confidentiality and availability of the host and its other VMs are at risk.

What are the recommendations?

Barracuda MSP recommends the following actions to limit the impact of these vulnerabilities:

  1. Immediate patching: Apply the security updates released by VMware without delay. The fixed releases are ESXi 8.0 U2b, 8.0 U1d and 7.0 U3p, Workstation 17.5.1, and Fusion 13.5.1.
  2. Apply the workaround where patching must wait: VMware's documented workaround for the three USB controller flaws is to remove all USB controllers from the virtual machine (KB 76982). Note the caveat in that article: some guest operating systems, macOS among them, do not support a PS/2 keyboard and mouse and will lose keyboard and mouse input without a USB controller, and USB passthrough stops working. Audit which VMs still have USB controllers before and after applying it.
  3. Continuous monitoring: Implement continuous monitoring of network traffic and system logs to detect and respond to unusual or malicious activity, with particular attention to unexpected VMX process crashes on hosts and to guest administrators who should not have that privilege.
  4. Incident response planning: Ensure incident response plans are up to date and include specific measures for virtualized environments, such as treating the host and all co-located VMs as in scope when a guest with administrative compromise is found.
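The audit in step 2 can be scripted. The following shell script is an added example written for this advisory; it is not Barracuda or VMware code. It scans .vmx files for the configuration keys that enable each virtual USB controller (usb.present for UHCI, ehci.present for EHCI, usb_xhci.present for XHCI) and reports every VM that still has one attached. XHCI and UHCI are the controllers named in the CVEs above; EHCI is reported as well because VMware's workaround is to remove all USB controllers. The three sample .vmx files are constructed for the demonstration and are not real VMs; on an ESXi host you would point it at /vmfs/volumes (or at the directory holding your Workstation or Fusion VMs).

```shell
#!/bin/sh
# Audit .vmx files for attached virtual USB controllers, the attack surface of
# CVE-2024-22252, CVE-2024-22253 and CVE-2024-22255.
# Written as a POSIX sh script so it also runs in the busybox shell on ESXi.

# usb_controllers_in_vmx FILE
# Prints one line per USB controller enabled in FILE, in the order uhci, ehci, xhci.
# .vmx lines look like:  usb_xhci.present = "TRUE"   (value is case-insensitive)
usb_controllers_in_vmx() {
    vmx="$1"
    for pair in 'usb\.present:uhci' 'ehci\.present:ehci' 'usb_xhci\.present:xhci'; do
        key="${pair%%:*}"     # regex for the key, dot escaped
        name="${pair##*:}"    # controller name to report
        if grep -Eiq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\"?true\"?" "$vmx"; then
            echo "$name"
        fi
    done
}

# audit_vmx_dir DIR
# Walks DIR recursively and prints "path: controllers" for every VM that still has
# a USB controller. Paths are read line by line so VM names with spaces survive.
audit_vmx_dir() {
    find "$1" -name '*.vmx' | sort | while IFS= read -r f; do
        ctl=$(usb_controllers_in_vmx "$f" | tr '\n' ' ')
        if [ -n "$ctl" ]; then
            echo "$f: $ctl"
        fi
    done
}

# count_exposed_vms DIR
# Number of VMs under DIR with at least one USB controller (0 means the
# workaround is fully applied).
count_exposed_vms() {
    audit_vmx_dir "$1" | wc -l | tr -d ' '
}

# make_sample_vmx_dir
# Builds a CONSTRUCTED sample tree (not real VMs) so the audit can be run offline.
# Prints the temporary directory it created.
make_sample_vmx_dir() {
    root=$(mktemp -d)
    mkdir -p "$root/ds1/web01" "$root/ds1/db01" "$root/ds1/jump01"
    # web01: UHCI and XHCI attached -> exposed to all three USB controller CVEs
    cat > "$root/ds1/web01/web01.vmx" <<'EOF'
.encoding = "UTF-8"
config.version = "8"
displayName = "web01"
usb.present = "TRUE"
usb_xhci.present = "TRUE"
EOF
    # db01: USB controllers removed -> workaround applied
    cat > "$root/ds1/db01/db01.vmx" <<'EOF'
.encoding = "UTF-8"
displayName = "db01"
usb.present = "FALSE"
usb_xhci.present = "FALSE"
EOF
    # jump01: only EHCI attached -> still a USB controller, reported for review
    cat > "$root/ds1/jump01/jump01.vmx" <<'EOF'
displayName = "jump01"
ehci.present = "true"
EOF
    echo "$root"
}

# Offline demonstration on the constructed samples.
# On a real host:  audit_vmx_dir /vmfs/volumes
sample=$(make_sample_vmx_dir)
audit_vmx_dir "$sample"
echo "exposed VMs: $(count_exposed_vms "$sample")"
rm -rf "$sample"
```

The script only reads configuration; removing a controller should be done through the vSphere Client, Workstation or Fusion UI (or by editing the .vmx with the VM powered off) as described in VMware's workaround article, then re-run the audit to confirm the count reaches zero.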

References

For more in-depth information about the recommendations, please visit the following link:

If you have any questions regarding this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.


Posted by Sana Ansari

Sana is a Cybersecurity Analyst at Barracuda MSP. She's a security expert, working on our Blue Team within our Security Operations Center. Sana supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
