Summary
VMware has released security updates to address vulnerabilities, one of them rated “critical”, in vCenter Server and Cloud Foundation, both well-known virtualization products.
Notes (updated 11/19/2024): the vendor states that an exploit for the vulnerabilities is available online.
Risk
Estimate of the impact of the vulnerability on the reference community: HIGH/ORANGE (66.41/100)¹.
Type
- Remote Code Execution
- Privilege Escalation
Affected products and/or versions
VMware
- vCenter Server, versions 7.0, 8.0
- Cloud Foundation, versions 4.x, 5.x
Mitigation actions
In line with the vendor’s statements, it is recommended to update the vulnerable products by following the instructions in the security bulletin listed in the References section.
Unique Vulnerability Identifiers
References
¹ This estimate takes several parameters into account, including: CVSS, availability of patches/workarounds and PoC, and prevalence of the affected software/devices in the reference community.