CVE-2024-22254

CVE-2024-22254 PUBLISHED

On March 5, 2024, Broadcom issued a security advisory, VMSA-2024-0006, which addresses security vulnerabilities discovered in VMware ESXi, VMware Workstation Pro & Player, and VMware Fusion. An attacker with privileged access (root or administrator) to the guest OS inside a virtual machine may use these vulnerabilities to access the hypervisor.

In short, patching these products is the fastest method to resolve the issues. Depending on your environment there may be a workaround available, via removal of USB controllers from virtual machines. That may be infeasible at scale and may impact virtual machine console access. See the Q&A below for more information.

The VMware Security Advisory (VMSA) is the definitive source for information regarding affected products and versions, workarounds, and appropriate patches necessary for maintaining your organization's security. This document serves as a supplementary guide to the advisory, providing self-service information to assist you and your organization in determining an appropriate response.

EPSS 0.30% · 53.6th percentile

Timeline

  • Mar 5, 2024 CVE Published
  • Mar 6, 2024 EPSS Score
  • Apr 1, 2024 EPSS Score
  • Apr 28, 2024 EPSS Score
  • May 24, 2024 EPSS Score
  • Jun 20, 2024 EPSS Score
  • Jul 16, 2024 EPSS Score
  • Aug 12, 2024 EPSS Score
  • Sep 7, 2024 EPSS Score
  • Oct 3, 2024 EPSS Score
  • Oct 4, 2024 Coalition ESS Score
  • Oct 11, 2024 VulnCheck KEV Exploitation