Vulnerability-Lookup

CVE-2024-22273 (GCVE-0-2024-22273)

Vulnerability from cvelistv5 – Published: 2024-05-21 17:29 – Updated: 2025-03-26 16:04

Summary

The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE

Out-of-bounds read/write vulnerability

Assigner

vmware

References

URL

Tags

https://support.broadcom.com/web/ecx/support-cont…

Impacted products

Vendor

Product

Version

n/a

VMware ESXi

Affected: 8.0 , < ESXi80U2sb-23305545 (custom)
Affected: 7.0 , < ESXi70U3sq-23794019 (custom)

n/a	VMware Workstation	Affected: 17.x , < 17.5.1 (custom)
n/a	VMware Fusion	Affected: 13.x , < 13.5.1 (custom)
n/a	VMware Cloud Foundation (ESXi)	Affected: 5.x , < 5.1.1 (custom) Affected: 4.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:vmware:fusion:13.x:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "fusion",
            "vendor": "vmware",
            "versions": [
              {
                "status": "affected",
                "version": "13.x"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:vmware:workstation:17.x:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "affected",
            "product": "workstation",
            "vendor": "vmware",
            "versions": [
              {
                "status": "affected",
                "version": "17.x"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "cloud_foundation",
            "vendor": "vmware",
            "versions": [
              {
                "status": "affected",
                "version": "5.x"
              },
              {
                "status": "affected",
                "version": "4.x"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:vmware:esxi:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "esxi",
            "vendor": "vmware",
            "versions": [
              {
                "status": "affected",
                "version": "0"
              },
              {
                "status": "affected",
                "version": "7.0"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22273",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-22T14:29:07.429312Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          },
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-26T16:04:29.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:43:34.134Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VMware ESXi",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "ESXi80U2sb-23305545",
              "status": "affected",
              "version": "8.0",
              "versionType": "custom"
            },
            {
              "lessThan": "ESXi70U3sq-23794019",
              "status": "affected",
              "version": "7.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Windows",
            "Linux"
          ],
          "product": "VMware Workstation",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "17.5.1",
              "status": "affected",
              "version": "17.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "MacOS"
          ],
          "product": "VMware Fusion",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "13.5.1",
              "status": "affected",
              "version": "13.x",
              "versionType": "custom"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "VMware Cloud Foundation (ESXi)",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "5.1.1",
              "status": "affected",
              "version": "5.x",
              "versionType": "custom"
            },
            {
              "status": "affected",
              "version": "4.x"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability.\u00a0A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Out-of-bounds read/write vulnerability",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-21T17:29:05.426Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2024-22273",
    "datePublished": "2024-05-21T17:29:05.426Z",
    "dateReserved": "2024-01-08T18:43:18.957Z",
    "dateUpdated": "2025-03-26T16:04:29.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T22:43:34.134Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-22273\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-22T14:29:07.429312Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:vmware:fusion:13.x:*:*:*:*:*:*:*\"], \"vendor\": \"vmware\", \"product\": \"fusion\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.x\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:vmware:workstation:17.x:*:*:*:*:*:*:*\"], \"vendor\": \"vmware\", \"product\": \"workstation\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.x\"}], \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*\"], \"vendor\": \"vmware\", \"product\": \"cloud_foundation\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x\"}, {\"status\": \"affected\", \"version\": \"4.x\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:vmware:esxi:*:*:*:*:*:*:*:*\"], \"vendor\": \"vmware\", \"product\": \"esxi\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}, {\"status\": \"affected\", \"version\": \"7.0\"}], \"defaultStatus\": \"unknown\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-05-22T14:39:30.657Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 8.1, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"n/a\", \"product\": \"VMware ESXi\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.0\", \"lessThan\": \"ESXi80U2sb-23305545\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"7.0\", \"lessThan\": \"ESXi70U3sq-23794019\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"n/a\", \"product\": \"VMware Workstation\", \"versions\": [{\"status\": \"affected\", \"version\": \"17.x\", \"lessThan\": \"17.5.1\", \"versionType\": \"custom\"}], \"platforms\": [\"Windows\", \"Linux\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"n/a\", \"product\": \"VMware Fusion\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.x\", \"lessThan\": \"13.5.1\", \"versionType\": \"custom\"}], \"platforms\": [\"MacOS\"], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"n/a\", \"product\": \"VMware Cloud Foundation (ESXi)\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.x\", \"lessThan\": \"5.1.1\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"4.x\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability.\\u00a0A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eThe storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Out-of-bounds read/write vulnerability\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2024-05-21T17:29:05.426Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-22273\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-26T16:04:29.446Z\", \"dateReserved\": \"2024-01-08T18:43:18.957Z\", \"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2024-05-21T17:29:05.426Z\", \"assignerShortName\": \"vmware\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GSD-2024-22273

Vulnerability from gsd - Updated: 2024-01-09 06:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-22273

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-22273"
      ],
      "id": "GSD-2024-22273",
      "modified": "2024-01-09T06:02:15.338914Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-22273",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

FKIE_CVE-2024-22273

Vulnerability from fkie_nvd - Published: 2024-05-21 18:15 - Updated: 2025-03-26 16:15

Severity ?

8.1 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	security@vmware.com	https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308	Vendor Advisory

Impacted products

Vendor	Product	Version
vmware	cloud_foundation	*
vmware	workstation	*
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	7.0
vmware	esxi	8.0
vmware	esxi	8.0
vmware	esxi	8.0
vmware	esxi	8.0
vmware	esxi	8.0
vmware	esxi	8.0
vmware	esxi	8.0
vmware	esxi	8.0
vmware	fusion	*
apple	macos	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6C5CFA-E78F-46EA-B8E0-8AE2A29C9586",
              "versionEndExcluding": "5.1.1",
              "versionStartIncluding": "4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0BFB423-5C6D-40F3-960A-53D9955E7621",
              "versionEndExcluding": "17.5.1",
              "versionStartIncluding": "17.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5CBA6B5A-F345-41D1-8AA0-E5F274A2D8FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "F030A666-1955-438B-8417-5C294905399F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "2C8DB7F6-5765-4355-B30E-9CAC39ECA5D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:*",
              "matchCriteriaId": "A790D41E-B398-4233-9EC7-CF5BE2BC3161",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:*",
              "matchCriteriaId": "B7619C16-5306-4C4A-88E8-E80876635F66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1c:*:*:*:*:*:*",
              "matchCriteriaId": "238E7AF4-722B-423D-ABB1-424286B06715",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1d:*:*:*:*:*:*",
              "matchCriteriaId": "1E4DE8C7-72FB-4BEC-AD9E-378786295011",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_1e:*:*:*:*:*:*",
              "matchCriteriaId": "2E6DE184-35C8-4A13-91D4-4B43E9F0168C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "D3E3A02D-6C1E-4DE8-B845-60F53C056F32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2a:*:*:*:*:*:*",
              "matchCriteriaId": "12D385F0-DB2B-4802-AD0E-31441DA056B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2c:*:*:*:*:*:*",
              "matchCriteriaId": "2C202879-9230-4E1D-BAB8-4FB7CE4BBC24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2d:*:*:*:*:*:*",
              "matchCriteriaId": "CC6DC107-5142-4155-A33B-D5BE72E9ED38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_2e:*:*:*:*:*:*",
              "matchCriteriaId": "39817170-5C45-4F8A-916D-81B7352055DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "4ADC3CFF-7415-46A5-817A-2F053B261E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3c:*:*:*:*:*:*",
              "matchCriteriaId": "A2F831A7-544E-4B45-BA49-7F7A0234579C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3d:*:*:*:*:*:*",
              "matchCriteriaId": "80A0DD2E-F1CC-413B-91F9-E3986011A0A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3e:*:*:*:*:*:*",
              "matchCriteriaId": "C77771B2-BC64-47A5-B6DB-9CBCC4456B67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3f:*:*:*:*:*:*",
              "matchCriteriaId": "86DE9CE6-F6C0-47D2-B3AB-34852A8B9603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3g:*:*:*:*:*:*",
              "matchCriteriaId": "E75B2F03-702E-4359-9BB2-E234F1DC38C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3i:*:*:*:*:*:*",
              "matchCriteriaId": "ACAA9494-5248-4B01-8BC1-C38AB615FFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3j:*:*:*:*:*:*",
              "matchCriteriaId": "BF12014B-BF2B-42EF-B70C-59CDA8E2176F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3k:*:*:*:*:*:*",
              "matchCriteriaId": "F965D853-EE4A-41F5-840B-2D009ACC9754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3l:*:*:*:*:*:*",
              "matchCriteriaId": "BA7B7313-FF53-43C9-AF4D-B639053D3FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3m:*:*:*:*:*:*",
              "matchCriteriaId": "9FB5738F-27E4-42C6-BD1B-F7F66A7EF0A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3n:*:*:*:*:*:*",
              "matchCriteriaId": "FC3668A6-262B-42BF-9E90-28BAA9BB3347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3o:*:*:*:*:*:*",
              "matchCriteriaId": "DA4E9185-44BA-41E6-8600-C8616E199334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:7.0:update_3p:*:*:*:*:*:*",
              "matchCriteriaId": "F50302BB-B950-4178-A109-358393E0A50A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:8.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "7A1A402A-9262-4B97-A0B7-E5AE045E394D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:8.0:a:*:*:*:*:*:*",
              "matchCriteriaId": "FE44B379-9943-4DD1-8514-26F87482AFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:8.0:b:*:*:*:*:*:*",
              "matchCriteriaId": "2A797377-8945-4D75-AA68-A768855E5842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:8.0:c:*:*:*:*:*:*",
              "matchCriteriaId": "79D84D76-54BE-49E9-905C-7D65B4B42D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "2F8767F7-7C3D-457D-9EAC-E8A30796F751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1a:*:*:*:*:*:*",
              "matchCriteriaId": "29AF8474-2D7A-4C5A-82B9-7A873AD90C2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_1c:*:*:*:*:*:*",
              "matchCriteriaId": "7781A2CA-D927-48CD-9932-AE42B7BA1EFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:vmware:esxi:8.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "360C1B71-5360-4379-B0DE-63BB8F5E6DA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "50649AB8-57FD-4210-A7F4-3AD7D00F6A91",
              "versionEndExcluding": "13.5.1",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability.\u00a0A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues."
    },
    {
      "lang": "es",
      "value": "Los controladores de almacenamiento en VMware ESXi, Workstation y Fusion tienen una vulnerabilidad de lectura/escritura fuera de los l\u00edmites. Un actor malintencionado con acceso a una m\u00e1quina virtual con controladores de almacenamiento habilitados puede aprovechar este problema para crear una condici\u00f3n de denegaci\u00f3n de servicio o ejecutar c\u00f3digo en el hipervisor desde una m\u00e1quina virtual junto con otros problemas."
    }
  ],
  "id": "CVE-2024-22273",
  "lastModified": "2025-03-26T16:15:19.423",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 6.0,
        "source": "security@vmware.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-21T18:15:08.993",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CERTFR-2024-AVI-0427

Vulnerability from certfr_avis - Published: 2024-05-22 - Updated: 2024-05-22

De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Fusion	Fusion versions 13.x antérieures à 13.5.1 (la version la plus récente est 13.5.2)
VMware	ESXi	ESXi versions 7.x antérieures à 7.0 Update 3q
VMware	vCenter Server	vCenter Server versions 7.x antérieures à 7.0 Update 3q
VMware	N/A	Workstation versions 17.x antérieures à 17.5.1 (la version la plus récente est 17.5.2)
VMware	N/A	Cloud Foundation (ESXi et vCenter Server) versions 4.x sans le dernier correctif de sécurité
VMware	vCenter Server	vCenter Server versions 8.x antérieures à 8.0 Update 2b
VMware	N/A	Cloud Foundation (ESXi et vCenter Server) versions 5.x antérieures à 5.1.1
VMware	ESXi	ESXi versions 8.x antérieures à 8.0 Update 2b

References

Title

Publication Time

GHSA-9MQ7-WPM3-GV26

Vulnerability from github – Published: 2024-05-21 18:31 – Updated: 2025-03-26 18:30

Details

Severity ?

8.1 (High)


                  
                    CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-22273"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-125"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-21T18:15:08Z",
    "severity": "HIGH"
  },
  "details": "The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability.\u00a0A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues.",
  "id": "GHSA-9mq7-wpm3-gv26",
  "modified": "2025-03-26T18:30:44Z",
  "published": "2024-05-21T18:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22273"
    },
    {
      "type": "WEB",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2024-22273

Vulnerability from fstec - Published: 21.05.2024

Title

Уязвимость контроллеров хранилища гипервизоров VMware ESXi, VMware Workstation и VMware Fusion, позволяющая нарушителю выполнить произвольный код

Description

Уязвимость контроллеров хранилища гипервизоров VMware ESXi, VMware Workstation и VMware Fusion связана с возможностью чтения/записи за пределами допустимого диапазона. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код

Severity ?


                    
                      AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Vendor

VMware Inc.

Software Name

VMWare Workstation, VMware Fusion, VMware ESXi, VMware Cloud Foundation

Software Version

от 17.0 до 17.5.1 (VMWare Workstation), от 13.0 до 13.5.1 (VMware Fusion), от 8.0 до ESXi80U2sb-23305545 (VMware ESXi), от 7.0 до ESXi70U3sq-23794019 (VMware ESXi), от 5.0 до 5.1.1 (VMware Cloud Foundation), от 4.0 до KB88287 (VMware Cloud Foundation)

Possible Mitigations

Установка обновлений из доверенных источников. В связи со сложившейся обстановкой и введенными санкциями против Российской Федерации рекомендуется устанавливать обновления программного обеспечения только после оценки всех сопутствующих рисков. Компенсирующие меры: - использование антивирусного программного обеспечения для ограничения возможности эксплуатации уязвимости; - минимизация пользовательских привилегий; - отключение/удаление неиспользуемых учётных записей пользователей. Использование рекомендаций производителя: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308

Reference

https://vuldb.com/sv/?id.265641 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308

CWE

CWE-787

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "VMware Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 17.0 \u0434\u043e 17.5.1 (VMWare Workstation), \u043e\u0442 13.0 \u0434\u043e 13.5.1 (VMware Fusion), \u043e\u0442 8.0 \u0434\u043e ESXi80U2sb-23305545 (VMware ESXi), \u043e\u0442 7.0 \u0434\u043e ESXi70U3sq-23794019 (VMware ESXi), \u043e\u0442 5.0 \u0434\u043e 5.1.1 (VMware Cloud Foundation), \u043e\u0442 4.0 \u0434\u043e KB88287 (VMware Cloud Foundation)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0423\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438\u0437 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0445 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u0432.\n\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441\u043e \u0441\u043b\u043e\u0436\u0438\u0432\u0448\u0435\u0439\u0441\u044f \u043e\u0431\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u043e\u0439 \u0438 \u0432\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u043c\u0438 \u0441\u0430\u043d\u043a\u0446\u0438\u044f\u043c\u0438 \u043f\u0440\u043e\u0442\u0438\u0432 \u0420\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u043e\u0439 \u0424\u0435\u0434\u0435\u0440\u0430\u0446\u0438\u0438 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u043e\u0441\u043b\u0435 \u043e\u0446\u0435\u043d\u043a\u0438 \u0432\u0441\u0435\u0445 \u0441\u043e\u043f\u0443\u0442\u0441\u0442\u0432\u0443\u044e\u0449\u0438\u0445 \u0440\u0438\u0441\u043a\u043e\u0432.\n\n\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438;\n- \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0430\u0446\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439;\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435/\u0443\u0434\u0430\u043b\u0435\u043d\u0438\u0435 \u043d\u0435\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0443\u0447\u0451\u0442\u043d\u044b\u0445 \u0437\u0430\u043f\u0438\u0441\u0435\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f:\nhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "28.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "28.05.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-04135",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-22273",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "VMWare Workstation, VMware Fusion, VMware ESXi, VMware Cloud Foundation",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430 \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u043e\u0432 VMware ESXi, VMware Workstation \u0438 VMware Fusion, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u043b\u0435\u0440\u043e\u0432 \u0445\u0440\u0430\u043d\u0438\u043b\u0438\u0449\u0430 \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u043e\u0432 VMware ESXi, VMware Workstation \u0438 VMware Fusion \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0447\u0442\u0435\u043d\u0438\u044f/\u0437\u0430\u043f\u0438\u0441\u0438 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0434\u043e\u043f\u0443\u0441\u0442\u0438\u043c\u043e\u0433\u043e \u0434\u0438\u0430\u043f\u0430\u0437\u043e\u043d\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://vuldb.com/sv/?id.265641\nhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-787",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-22273 (GCVE-0-2024-22273)

GSD-2024-22273

FKIE_CVE-2024-22273

CERTFR-2024-AVI-0427

Solutions

GHSA-9MQ7-WPM3-GV26

CVE-2024-22273

Tags

Sightings

Nomenclature