VMWare Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Operating Systems - VM Ware
Multiple vulnerabilities were identified in VMware products. An attacker could exploit some of these vulnerabilities to trigger cross site scripting, elevation of privilege, remote code execution, security restriction bypass and information disclosure.
[Updated on 2022-04-26] CVE-2022-22954 and CVE-2022-22960 are being exploited in the wild. Exploitation of CVE-2022-22954 may trigger remote code execution vulnerability while exploitation of CVE-2022-22960 may trigger elevation of privilege vulnerability. The risk level is changed from medium risk to extremely high risk correspondingly. HKCERT urges users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.
Impact
- Cross-Site Scripting
- Elevation of Privilege
- Remote Code Execution
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
Please visit the vendor web-site for more details.
Solutions
Before installation of the software, please visit the vendor web-site for more details.
- Apply fixes issued by the vendor:
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
Vulnerability Identifier
- CVE-2022-22954
- CVE-2022-22955
- CVE-2022-22956
- CVE-2022-22957
- CVE-2022-22958
- CVE-2022-22959
- CVE-2022-22960
- CVE-2022-22961
沒有留言:
發佈留言