Getty Images VMware is urging customers to patch critical vulnerabilities that make it possible for hackers to break out of sandbox and hypervisor protections in all versions, including out-of-support ones, of VMware ESXi, Workstation, Fusion, and Cloud Foundation products. A constellation of four vulnerabilities—two carrying severity ratings of 9.3 out of a possible 10—are serious … Read more
Updates have been issued by VMware to resolve critical security vulnerabilities impacting its ESXi, Cloud Foundation, Fusion, and Workstation offerings, according to Security Affairs. Most severe of the addressed flaws were a pair of use-after-free issues in the XHCI USB and UHCI USB controllers, tracked as CVE-2024-22252 and CVE-2024-22253, respectively, said VMware in its advisory. Both vulnerabilities could … Read more
VMware urgent updates addressed Critical ESXi Sandbox Escape bugs Pierluigi Paganini March 05, 2024 VMware released urgent patches to address critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion and Cloud Foundation products Virtualization giant VMware released urgent updates to fix critical ESXi sandbox escape vulnerabilities in the ESXi, Workstation, Fusion, and Cloud Foundation … Read more
The most serious flaws allow hackers with local admin rights to execute code as the virtual machine’s VMX process running on the host. Source link
VMware is urging network administrators to remove an out-of-date plug-in for its VSphere, which has two flaws — one of them critical — that can allow attackers with access to a Windows client system to hijack cloud computing sessions. VMware this week released a security advisory addressing the flaws — one tracked as CVE-2024-22245, with … Read more
Feb 21, 2024NewsroomActive Directory / Vulnerability VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as CVE-2024-22245 (CVSS score: 9.6), the vulnerability has been described as an arbitrary authentication relay bug. “A malicious actor could trick a target domain user with EAP installed … Read more
Critical flaw found in deprecated VMware EAP. Uninstall it immediately Pierluigi Paganini February 21, 2024 VMware urges customers to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the disclosure of a critical flaw CVE-2024-22245. VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) after the discovery of an arbitrary authentication relay flaw … Read more
A deprecated authentication plug-in for VSphere, the enhanced authentication plug-in (EAP), carries two vulnerabilities, one critical, and should be disabled by users. … Source link
One of the most serious VMware vulnerabilities in recent memory was secretly being exploited by a Chinese advanced persistent threat (APT) for years before a patch became available. It was all-hands-on-deck in October when news first broke of CVE-2023-34048, a 9.8 out of 10 “critical” CVSS-rated out-of-bounds write vulnerability affecting vCenter Server, VMware’s centralized platform … Read more
Feb 08, 2024NewsroomCyber Threat / Network Security Cisco, Fortinet, and VMware have released security fixes for multiple security vulnerabilities, including critical weaknesses that could be exploited to perform arbitrary actions on affected devices. The first set from Cisco consists of three flaws – CVE-2024-20252 and CVE-2024-20254 (CVSS score: 9.6) and CVE-2024-20255 (CVSS score: 8.2) – … Read more