VMware has released a security update to address multiple vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) found in various VMware products, including ESXi, Workstation, Fusion, and Cloud Foundation.

Affected Systems

• VMware ESXi

• VMware Workstation Pro / Player (Workstation)

• VMware Fusion Pro / Fusion (Fusion)

• VMware Cloud Foundation (Cloud Foundation)

Security Risks

Successful exploitation of the vulnerability may lead to unauthorized information disclosure on the affected system.

Recommended Actions

The National Cyber Security Authority (NCSA) strongly recommends to system administrators to:

• Follow VMware security advisory to lower the risk of potential exploits, protect systems, and ensure their security.

• Apply the required and latest security updates as soon as possible. The released software versions to upgrade to are as follows:

• VMware ESXi versions 8.0 Update 1d,  7.0 Update 3p and ESXi 8.0 Update 2b: running on any platform.

• VMware Workstation Pro / Player (Workstation) version 17.5.1: running on any platform.

• VMware Fusion Pro / Fusion Version 13.5.1: running on macOS.

• Cloud Foundation (ESXi) : running on any platform.

• Before any update task, please ensure you have a recent backup that can easily be restored.

For further information and support, please contact NCSA by email at rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://www.vmware.com/security/advisories.html

• www.vmware.com/security/advisories/VMSA-2024-0006.html