VMware Security Advisory VMSA-2024-0006: Critical Vulnerabilities in ESXi, Workstation, Fusion, and Cloud Foundation
VMware has recently disclosed a set of critical vulnerabilities affecting its mainline products, including ESXi, Workstation, Fusion, and Cloud Foundation. The vulnerabilities are serious enough that VMware is urging administrators to apply patches without delay: each can be exploited by an attacker who already holds local administrative privileges, so any environment where such access cannot be ruled out is at risk. In this blog post, we’ll dive into the disclosed vulnerabilities, understand their implications, and provide guidance on how to mitigate them.
Disclosed Vulnerabilities
-------------------------
VMware Security Advisory VMSA-2024-0006 highlights three critical vulnerabilities in several key VMware products:
1. Use-after-free issues in the XHCI and UHCI USB controllers. These vulnerabilities could allow a malicious actor with local administrative privileges to execute code on the host system.
2. An out-of-bounds write vulnerability in VMware ESXi. This vulnerability could also allow a malicious actor with local administrative privileges to execute code on the host system.
3. An information disclosure vulnerability in the UHCI USB controller. This vulnerability could potentially expose sensitive information to unauthorized parties.
Affected Products and Versions
------------------------------
The following VMware products are affected by these vulnerabilities:
1. ESXi 6.7 (6.7U3u), 6.5 (6.5U3v), and VCF 3.x.
2. Workstation, Fusion, and Cloud Foundation.
Response Matrix
---------------
VMware has provided a response matrix to help administrators address these vulnerabilities. The matrix offers the following information:
1. Fixed Versions: VMware has released patches for the affected products, which include fixed versions of ESXi 6.7 (6.7U3u), 6.5 (6.5U3v), and VCF 3.x.
2. Available Workarounds: For environments where immediate patching is not feasible, VMware has listed potential workarounds to mitigate the risk temporarily. These workarounds include disabling USB devices, limiting network access to the affected systems, and implementing additional security measures.
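The first workaround above, disabling USB devices, comes down to finding which virtual machines still have a virtual USB controller attached and removing it until the host can be patched. The PowerCLI script below is an added example, not code from VMware or from the original post: it inventories every VM behind a vCenter for the XHCI and UHCI controllers named in the advisory (the vSphere API types `VirtualUSBXHCIController` and `VirtualUSBController`) and, only when run with `-Remove`, detaches them from powered-off VMs. The vCenter hostname is a placeholder, and the script assumes PowerCLI is installed and the caller already has the rights to reconfigure VMs.

```powershell
# Added example (not VMware's code): report VMs that still carry a virtual USB
# controller, and optionally remove it as an interim workaround.
# Assumes VMware PowerCLI is installed; $VCenter is a placeholder hostname.
param(
    [string]$VCenter = 'vcenter.example.invalid',   # placeholder, replace
    [switch]$Remove                                 # report only unless set
)

Import-Module VMware.VimAutomation.Core
Connect-VIServer -Server $VCenter | Out-Null

# The advisory names the XHCI and UHCI controllers; in the vSphere API these
# are VirtualUSBXHCIController and VirtualUSBController respectively.
$usbTypes = @(
    'VMware.Vim.VirtualUSBController',
    'VMware.Vim.VirtualUSBXHCIController'
)

# One record per (VM, controller) pair found in the VM's hardware list.
$findings = foreach ($vm in Get-VM) {
    $controllers = $vm.ExtensionData.Config.Hardware.Device |
        Where-Object { $usbTypes -contains $_.GetType().FullName }
    foreach ($ctrl in $controllers) {
        [pscustomobject]@{
            VM         = $vm.Name
            PowerState = $vm.PowerState
            Controller = $ctrl.GetType().Name
            Key        = $ctrl.Key
        }
    }
}

$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        $vm = Get-VM -Name $f.VM
        # Removing a USB controller is a cold operation: skip running VMs
        # instead of failing part-way through a reconfigure.
        if ($vm.PowerState -ne 'PoweredOff') {
            Write-Warning "$($vm.Name): powered on, skipping (power off first)"
            continue
        }
        $ctrl = $vm.ExtensionData.Config.Hardware.Device |
            Where-Object { $_.Key -eq $f.Key }
        $change = New-Object VMware.Vim.VirtualDeviceConfigSpec
        $change.Operation = [VMware.Vim.VirtualDeviceConfigSpecOperation]::remove
        $change.Device = $ctrl
        $spec = New-Object VMware.Vim.VirtualMachineConfigSpec
        $spec.DeviceChange = @($change)
        $vm.ExtensionData.ReconfigVM_Task($spec) | Out-Null
        Write-Host "$($vm.Name): removed $($f.Controller)"
    }
}

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Run it without `-Remove` first and keep the report: it doubles as the list of VMs to re-check after patching, and it shows which guests will lose a device they may depend on (USB passthrough devices attached to a controller must be detached before the controller itself can be removed, and the reconfigure fails otherwise). The report is also what the second workaround, limiting access to the affected systems, should be driven by, since only VMs whose administrators are not fully trusted need the device taken away at all.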
Critical Vulnerabilities Require Immediate Attention
------------------------------------------------
Given the severity of these vulnerabilities, it is essential for administrators to apply the available patches without delay. The fixed versions of ESXi 6.7 (6.7U3u), 6.5 (6.5U3v), and VCF 3.x are now available, and administrators should prioritize applying these updates to protect their environments from potential attacks.
If immediate patching is not feasible, VMware has provided workarounds to help mitigate the risk temporarily. However, these workarounds are not a substitute for applying the available patches as soon as possible.
Conclusion
----------
VMware Security Advisory VMSA-2024-0006 highlights three critical vulnerabilities in several key VMware products, including ESXi, Workstation, Fusion, and Cloud Foundation. These vulnerabilities could potentially allow a malicious actor with local administrative privileges to execute code on the host system, exposing sensitive information and putting the environment at risk.
Therefore, it is essential for administrators to apply the available patches without delay to protect their environments from potential attacks. VMware has provided a response matrix to help administrators address these vulnerabilities, offering fixed versions of affected products, available workarounds, and additional guidance on how to mitigate the risk temporarily.
By taking prompt action to address these vulnerabilities, administrators can help ensure their environments remain secure and protected from potential threats.