As BSI studies now, vulnerabilities have been recognized in VMware merchandise. You can examine which purposes and merchandise are affected by safety holes right here at information.de.
Federal Office for Security in Information Technology (BSI) has revealed a safety advisory for VMware merchandise on May 21, 2024. Several vulnerabilities have been present in using this software program that could possibly be exploited by attackers. The safety vulnerability impacts Linux, MacOS X and Windows working techniques and the merchandise VMware ESXi, VMware Fusion, VMware Cloud Foundation and VMware vCenter Server.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: VMware Security Advisory VMSA-2024-0011 (Stop: 21.05.2024).
Multiple vulnerabilities have been reported for VMware merchandise – Risk: excessive
Risk degree: 4 (excessive)
CVSS Base Score: 8.1
CVSS provisional rating: 7,1
Remote assault: No
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc techniques. The CVSS normal makes it potential to check potential or precise safety dangers primarily based on numerous standards to create a precedence record for countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of the vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. For short-term impact, body circumstances which will change over time are thought-about within the take a look at. According to CVSS, the chance of the vulnerability talked about right here is rated as “excessive” on the premise of 8.1 factors.
VMware Products Bug: Description of the assault
VMware virtualization software program allows the simultaneous use of various purposes on a bunch system. VMware Cloud Foundation is a hybrid cloud platform for VM administration and container orchestration.
An attacker could exploit a number of vulnerabilities in VMware ESXi, VMware Workstation, VMware Fusion, VMware Cloud Foundation, and VMware vCenter Server to execute malicious code or expose delicate data.
Vulnerabilities are labeled utilizing the CVE (Common Vulnerability and Exposure) designation system by their particular person serial numbers CVE-2024-22273, CVE-2024-22274 and CVE-2024-22275.
Systems affected by the safety hole at a look
Operating techniques
Linux, MacOS X, Windows
Products
VMware ESXi VMware ESXi VMware Workstation VMware Fusion VMware Cloud Foundation VMware Cloud Foundation VMware vCenter Server VMware vCenter Server
General suggestions for addressing IT safety gaps
- Users of affected techniques ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For data, see the sources listed within the subsequent part. This typically comprises further details about the newest model of the software program in query and the provision of safety patches or efficiency ideas.
- If you’ve any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to repeatedly examine the required sources to see if a brand new safety replace is out there.
Manufacturer details about updates, patches and workarounds
Here you will see that some hyperlinks with details about bug studies, safety fixes and workarounds.
VMware Security Advisory VMSA-2024-0011 vom 2024-05-21 (21.05.2024)
For extra data, see:
Version historical past of this safety alert
This is the primary model of this IT safety discover for VMware merchandise. If updates are introduced, this doc will probably be up to date. You can examine modifications or additions on this model historical past.
May 21, 2024 – First model
+++ Editorial be aware: This doc is predicated on present BSI information and will probably be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
comply with News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you will see that sizzling information, present movies and a direct line to the editorial crew.
kns/roj/information.de