Refine your search
102 vulnerabilities found for ESXi by VMware
CERTFR-2025-AVI-0592
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 3.x et 2.x sans le correctif ESXi70U3w-24784741 | ||
| VMware | Cloud Foundation | Cloud Foundation et vSphere Foundation versions 9.0.0.0 sans le correctif ESXi-9.0.0.0100-24813472 | ||
| VMware | Fusion | Fusion versions 13.x antérieures à 13.6.4 | ||
| VMware | Telco Cloud Platform | Telco Cloud Platform versions 3.x et 2.x sans le correctif ESXi70U3w-24784741 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x sans le correctif ESXi80U3f-24784735 | ||
| VMware | Workstation | Worstation versions 17.x antérieures à 17.6.4 | ||
| VMware | VMware Tools | VMware Tools versions 13.x.x antérieures à 13.0.1.0 pour Windows | ||
| VMware | ESXi | ESXI versions 7.0 sans le correctif ESXi70U3w-24784741 | ||
| VMware | VMware Tools | VMware Tools versions antérieures à 12.5.3 pour Windows | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.5.x sans le correctif ESXi70U3w-24784741 | ||
| VMware | ESXi | ESXI versions 8.0 sans les correctifs ESXi80U3f-24784735 et ESXi80U2e-24789317 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Telco Cloud Infrastructure versions 3.x et 2.x sans le correctif ESXi70U3w-24784741",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation et vSphere Foundation versions 9.0.0.0 sans le correctif ESXi-9.0.0.0100-24813472",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.6.4",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Platform versions 3.x et 2.x sans le correctif ESXi70U3w-24784741",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x sans le correctif ESXi80U3f-24784735",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Worstation versions 17.x ant\u00e9rieures \u00e0 17.6.4",
"product": {
"name": "Workstation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools versions 13.x.x ant\u00e9rieures \u00e0 13.0.1.0 pour Windows",
"product": {
"name": "VMware Tools",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXI versions 7.0 sans le correctif ESXi70U3w-24784741",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Tools versions ant\u00e9rieures \u00e0 12.5.3 pour Windows",
"product": {
"name": "VMware Tools",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.5.x sans le correctif ESXi70U3w-24784741",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXI versions 8.0 sans les correctifs ESXi80U3f-24784735 et ESXi80U2e-24789317",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41236",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41236"
},
{
"name": "CVE-2025-41237",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41237"
},
{
"name": "CVE-2025-41238",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41238"
},
{
"name": "CVE-2025-41239",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41239"
}
],
"initial_release_date": "2025-07-16T00:00:00",
"last_revision_date": "2025-07-16T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0592",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-07-15",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 35877",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/35877"
}
]
}
CERTFR-2025-AVI-0430
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une injection de code indirecte à distance (XSS).
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Telco Cloud Platform | Telco Cloud Platform sans le correctif de sécurité 8.0 U3e pour vCenter | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 3.x sans le correctif de sécurité ESXi80U3se-24659227 pour ESXi | ||
| VMware | ESXi | ESXi versions 8.0 sans le correctif de sécurité ESXi80U3se-24659227 | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x sans le correctif de sécurité ESXi80U3se-24659227 pour ESXi | ||
| VMware | Telco Cloud Platform | Telco Cloud Platform sans le correctif de sécurité ESXi80U3se-24659227 pour ESXi | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 3.x sans le correctif de sécurité 8.0 U3e pour vCenter | ||
| VMware | Fusion | Fusion versions 13.x antérieures à 13.6.3 sur macOS | ||
| VMware | vCenter Server | vCenter Server versions 7.0 sans le correctif de sécurité 7.0 U3v | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.5.x sans le correctif de sécurité 7.0 U3v pour vCenter | ||
| VMware | Workstation | Workstation versions 17.x antérieures à 17.6.3 | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 2.x sans le correctif de sécurité 7.0 U3v pour vCenter | ||
| VMware | vCenter Server | vCenter Server versions 8.0 sans le correctif de sécurité 8.0 U3e | ||
| VMware | Cloud Foundation | Cloud Foundation versions 5.x sans le correctif de sécurité 8.0 U3e pour vCenter | ||
| VMware | Cloud Foundation | Cloud Foundation versions 4.5.x sans le correctif de sécurité ESXi70U3sv-24723868 pour ESXi | ||
| VMware | Telco Cloud Infrastructure | Telco Cloud Infrastructure versions 2.x sans le correctif de sécurité ESXi70U3sv-24723868 pour ESXi | ||
| VMware | ESXi | ESXi versions 7.0 sans le correctif de sécurité ESXi70U3sv-24723868 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Telco Cloud Platform sans le correctif de s\u00e9curit\u00e9 8.0 U3e pour vCenter",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 3.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227 pour ESXi",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 8.0 sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227 pour ESXi",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Platform sans le correctif de s\u00e9curit\u00e9 ESXi80U3se-24659227 pour ESXi",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 3.x sans le correctif de s\u00e9curit\u00e9 8.0 U3e pour vCenter",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.6.3 sur macOS",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 7.0 sans le correctif de s\u00e9curit\u00e9 7.0 U3v",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.5.x sans le correctif de s\u00e9curit\u00e9 7.0 U3v pour vCenter",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workstation versions 17.x ant\u00e9rieures \u00e0 17.6.3",
"product": {
"name": "Workstation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 2.x sans le correctif de s\u00e9curit\u00e9 7.0 U3v pour vCenter",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 8.0 sans le correctif de s\u00e9curit\u00e9 8.0 U3e",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 5.x sans le correctif de s\u00e9curit\u00e9 8.0 U3e pour vCenter",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation versions 4.5.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3sv-24723868 pour ESXi",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Telco Cloud Infrastructure versions 2.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3sv-24723868 pour ESXi",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 7.0 sans le correctif de s\u00e9curit\u00e9 ESXi70U3sv-24723868",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-41227",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41227"
},
{
"name": "CVE-2025-41225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41225"
},
{
"name": "CVE-2025-41228",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41228"
},
{
"name": "CVE-2025-41226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-41226"
}
],
"initial_release_date": "2025-05-21T00:00:00",
"last_revision_date": "2025-05-21T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0430",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-05-20",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25717",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717"
}
]
}
CERTFR-2025-AVI-0177
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.
VMware indique que les vulnérabilités CVE-2025-222234, CVE-2025-22225 et CVE-2025-22226 sont activement exploitées.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Cloud Foundation | VMware Cloud Foundation versions 4.5.x sans le correctif de sécurité ESXi70U3s-24585291 | ||
| VMware | Telco Cloud Platform | VMware Telco Cloud Platorm sans le correctif de sécurité KB389385 | ||
| VMware | ESXi | VMware ESXi versions 7.0 sans le correctif de sécurité ESXi70U3s-24585291 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation versions 5.x sans le correctif de sécurité ESXi80U3d-24585383 | ||
| VMware | Fusion | VMware Fusion 13.x versions antérieures à 13.6.3 | ||
| VMware | ESXi | VMware ESXi versions 8.0 sans le correctif de sécurité ESXi80U2d-24585300 ou ESXi80U3d-24585383 | ||
| VMware | Telco Cloud Infrastructure | VMware Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de sécurité KB389385 | ||
| VMware | Workstation | VMware Workstation versions 17.x antérieures à 17.6.3 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Cloud Foundation versions 4.5.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3s-24585291",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Telco Cloud Platorm sans le correctif de s\u00e9curit\u00e9 KB389385",
"product": {
"name": "Telco Cloud Platform",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 7.0 sans le correctif de s\u00e9curit\u00e9 ESXi70U3s-24585291",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 5.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3d-24585383",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Fusion 13.x versions ant\u00e9rieures \u00e0 13.6.3",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 8.0 sans le correctif de s\u00e9curit\u00e9 ESXi80U2d-24585300 ou ESXi80U3d-24585383",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Telco Cloud Infrastructure versions 2.x et 3.x sans le correctif de s\u00e9curit\u00e9 KB389385",
"product": {
"name": "Telco Cloud Infrastructure",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Workstation versions 17.x ant\u00e9rieures \u00e0 17.6.3",
"product": {
"name": "Workstation",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-22224",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22224"
},
{
"name": "CVE-2024-38814",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38814"
},
{
"name": "CVE-2025-22226",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22226"
},
{
"name": "CVE-2025-22225",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-22225"
}
],
"initial_release_date": "2025-03-05T00:00:00",
"last_revision_date": "2025-03-05T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0177",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-03-05T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.\n\nVMware indique que les vuln\u00e9rabilit\u00e9s CVE-2025-222234, CVE-2025-22225 et CVE-2025-22226 sont activement exploit\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2025-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25466",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25466"
},
{
"published_at": "2025-03-04",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 25390",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
]
}
CERTFR-2024-AVI-0519
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement de la politique de sécurité et un déni de service.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
L'éditeur indique que les versions 7.0.x d'ESXi et 4.x de Cloud Foundation ne bénéficieront pas de correctif de sécurité pour la vulnérabilité CVE-2024-37085. Ces versions bénéficient d'un correctif (ESXi70U3sq-23794019) pour la vulnérabilité CVE-2024-37086. Des correctifs sont prévus pour les trois vulnérabilités pour les versions 5.x de VMware Cloud Foundation.
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | ESXi | VMWare ESXi versions 7.0.x sans le correctif de sécurité ESXi70U3sq-23794019 pour la vulnérabilité CVE-2024-37086 | ||
| VMware | vCenter Server | VMware vCenter Server versions 8.0.x antérieures à 8.0 U3 | ||
| VMware | vCenter Server | VMware vCenter Server versions 7.0.x antérieures à 7.0 U3q | ||
| VMware | ESXi | VMWare ESXi versions 8.0.x sans le correctif de sécurité ESXi80U3-24022510 | ||
| VMware | N/A | VMware Cloud Foundation versions 4.x et 5.x | ||
| VMware | ESXi | VMWare ESXi versions 7.0.x |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMWare ESXi versions 7.0.x sans le correctif de s\u00e9curit\u00e9 ESXi70U3sq-23794019 pour la vuln\u00e9rabilit\u00e9 CVE-2024-37086 ",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server versions 8.0.x ant\u00e9rieures \u00e0 8.0 U3",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vCenter Server versions 7.0.x ant\u00e9rieures \u00e0 7.0 U3q",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMWare ESXi versions 8.0.x sans le correctif de s\u00e9curit\u00e9 ESXi80U3-24022510 \t",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 4.x et 5.x",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMWare ESXi versions 7.0.x",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "L\u0027\u00e9diteur indique que les versions 7.0.x d\u0027ESXi et 4.x de Cloud Foundation ne b\u00e9n\u00e9ficieront pas de correctif de s\u00e9curit\u00e9 pour la vuln\u00e9rabilit\u00e9 CVE-2024-37085. Ces versions b\u00e9n\u00e9ficient d\u0027un correctif (ESXi70U3sq-23794019) pour la vuln\u00e9rabilit\u00e9 CVE-2024-37086. \nDes correctifs sont pr\u00e9vus pour les trois vuln\u00e9rabilit\u00e9s pour les versions 5.x de VMware Cloud Foundation.\n",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-37087",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37087"
},
{
"name": "CVE-2024-37086",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37086"
},
{
"name": "CVE-2024-37085",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37085"
}
],
"initial_release_date": "2024-06-26T00:00:00",
"last_revision_date": "2024-06-26T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0519",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-06-26T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, un contournement de la politique de s\u00e9curit\u00e9 et un d\u00e9ni de service.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2024-06-25",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24505 (VMSA-2024-0013)",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
]
}
CERTFR-2024-AVI-0427
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Fusion | Fusion versions 13.x antérieures à 13.5.1 (la version la plus récente est 13.5.2) | ||
| VMware | ESXi | ESXi versions 7.x antérieures à 7.0 Update 3q | ||
| VMware | vCenter Server | vCenter Server versions 7.x antérieures à 7.0 Update 3q | ||
| VMware | N/A | Workstation versions 17.x antérieures à 17.5.1 (la version la plus récente est 17.5.2) | ||
| VMware | N/A | Cloud Foundation (ESXi et vCenter Server) versions 4.x sans le dernier correctif de sécurité | ||
| VMware | vCenter Server | vCenter Server versions 8.x antérieures à 8.0 Update 2b | ||
| VMware | N/A | Cloud Foundation (ESXi et vCenter Server) versions 5.x antérieures à 5.1.1 | ||
| VMware | ESXi | ESXi versions 8.x antérieures à 8.0 Update 2b |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.5.1 (la version la plus r\u00e9cente est 13.5.2)",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 7.x ant\u00e9rieures \u00e0 7.0 Update 3q",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 7.x ant\u00e9rieures \u00e0 7.0 Update 3q",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workstation versions 17.x ant\u00e9rieures \u00e0 17.5.1 (la version la plus r\u00e9cente est 17.5.2)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi et vCenter Server) versions 4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 8.x ant\u00e9rieures \u00e0 8.0 Update 2b",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi et vCenter Server) versions 5.x ant\u00e9rieures \u00e0 5.1.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 8.x ant\u00e9rieures \u00e0 8.0 Update 2b",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-22275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22275"
},
{
"name": "CVE-2024-22273",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22273"
},
{
"name": "CVE-2024-22274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22274"
}
],
"initial_release_date": "2024-05-22T00:00:00",
"last_revision_date": "2024-05-22T00:00:00",
"links": [],
"reference": "CERTFR-2024-AVI-0427",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-05-22T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits VMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": "2024-05-21",
"title": "Bulletin de s\u00e9curit\u00e9 VMware 24308",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24308"
}
]
}
CERTFR-2024-AVI-0186
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.
Solution
Se référer aux mesures de contournement proposées par l’éditeur (cf. section Documentation).
Contournement provisoire
Se référer au bulletin de sécurité de l'éditeur pour les mesures de contournement (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | ESXi | ESXi versions 7.0 sans le correctif de sécurité ESXi70U3p-23307199 | ||
| VMware | N/A | Workstation versions 17.x antérieures à 17.5.1 | ||
| VMware | Fusion | Fusion versions 13.x antérieures à 13.5.1 sur MacOS | ||
| VMware | N/A | VMware Cloud Foundation (ESXi) versions 5.x et 4.x sans le correctif de sécurité KB88287 | ||
| VMware | ESXi | ESXi versions 8.0 sans les correctifs de sécurité ESXi80U1d-23299997 et ESXi80U2sb-23305545 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESXi versions 7.0 sans le correctif de s\u00e9curit\u00e9 ESXi70U3p-23307199",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workstation versions 17.x ant\u00e9rieures \u00e0 17.5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions 13.x ant\u00e9rieures \u00e0 13.5.1 sur MacOS",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (ESXi) versions 5.x et 4.x sans le correctif de s\u00e9curit\u00e9 KB88287",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 8.0 sans les correctifs de s\u00e9curit\u00e9 ESXi80U1d-23299997 et ESXi80U2sb-23305545",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer aux mesures de contournement propos\u00e9es par l\u2019\u00e9diteur (cf.\nsection Documentation).\n\n## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour les mesures de\ncontournement (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2024-22252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22252"
},
{
"name": "CVE-2024-22253",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22253"
},
{
"name": "CVE-2024-22255",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22255"
},
{
"name": "CVE-2024-22254",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22254"
}
],
"initial_release_date": "2024-03-06T00:00:00",
"last_revision_date": "2024-03-06T00:00:00",
"links": [
{
"title": "How to remove USB controllers from a Virtual Machine",
"url": "https://kb.vmware.com/s/article/96682"
}
],
"reference": "CERTFR-2024-AVI-0186",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2024-03-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits VMware\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire,\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2024-0006 du 05 mars 2024",
"url": "https://www.vmware.com/security/advisories/VMSA-2024-0006.html"
}
]
}
CERTFR-2022-AVI-1096
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | Access versions 22.09.0.0 versions antérieures à 22.09.1.0 (pour Linux) | ||
| VMware | Cloud Foundation | VMware Cloud Foundation (vIDM) toutes versions sans le correctif KB90384 | ||
| VMware | N/A | VMware vRealize Network Insight (vRNI) versions 6.3 antérieures à 6.3 HF | ||
| VMware | N/A | VMware vRealize Network Insight (vRNI) versions 6.6 antérieures à 6.6 HF | ||
| VMware | N/A | VMware vRealize Network Insight (vRNI) versions 6.5.x antérieures à 6.5.x HF | ||
| VMware | N/A | Cloud Foundation (ESXi) versions 4.x/3.x sans le correctif KB90336 | ||
| VMware | N/A | VMware vRealize Network Insight (vRNI) versions 6.7 antérieures à 6.7 HF | ||
| VMware | N/A | Access versions 21.08.0.1, 21.08.0.0 sans le correctif KB90399 (pour Linux) | ||
| VMware | N/A | VMware vRealize Network Insight (vRNI) versions 6.4 antérieures à 6.4 HF | ||
| VMware | N/A | Workstation versions 16.x antérieures à 16.2.5 | ||
| VMware | Fusion | Fusion versions 12.x antérieures à 12.2.5 (pour OS X) | ||
| VMware | ESXi | ESXi versions 8.0 sans le correctif ESXi80a-20842819 | ||
| VMware | ESXi | ESXi versions 7.0 sans le correctif ESXi70U3si-20841705 | ||
| VMware | N/A | VMware vRealize Network Insight (vRNI) versions 6.2 antérieures à 6.2 HF | ||
| VMware | N/A | vIDM versions 3.3.6 sans le correctif KB90399 (pour Linux) |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Access versions 22.09.0.0 versions ant\u00e9rieures \u00e0 22.09.1.0 (pour Linux)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation (vIDM) toutes versions sans le correctif KB90384",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vRealize Network Insight (vRNI) versions 6.3 ant\u00e9rieures \u00e0 6.3 HF",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vRealize Network Insight (vRNI) versions 6.6 ant\u00e9rieures \u00e0 6.6 HF",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vRealize Network Insight (vRNI) versions 6.5.x ant\u00e9rieures \u00e0 6.5.x HF",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions 4.x/3.x sans le correctif KB90336",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vRealize Network Insight (vRNI) versions 6.7 ant\u00e9rieures \u00e0 6.7 HF",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Access versions 21.08.0.1, 21.08.0.0 sans le correctif KB90399 (pour Linux)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vRealize Network Insight (vRNI) versions 6.4 ant\u00e9rieures \u00e0 6.4 HF",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workstation versions 16.x ant\u00e9rieures \u00e0 16.2.5",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion versions 12.x ant\u00e9rieures \u00e0 12.2.5 (pour OS X)",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 8.0 sans le correctif ESXi80a-20842819",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 7.0 sans le correctif ESXi70U3si-20841705",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vRealize Network Insight (vRNI) versions 6.2 ant\u00e9rieures \u00e0 6.2 HF",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vIDM versions 3.3.6 sans le correctif KB90399 (pour Linux)",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31703",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31703"
},
{
"name": "CVE-2022-31705",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31705"
},
{
"name": "CVE-2022-31701",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31701"
},
{
"name": "CVE-2022-31700",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31700"
},
{
"name": "CVE-2022-31702",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31702"
}
],
"initial_release_date": "2022-12-14T00:00:00",
"last_revision_date": "2022-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1096",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2022-0031 du 13 d\u00e9cembre 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0031.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2022-0032 du 13 d\u00e9cembre 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0032.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2022-0033 du 13 d\u00e9cembre 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0033.html"
}
]
}
CERTFR-2022-AVI-1086
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | Cloud Foundation (vCenter Server) versions 4.x sans le correctif de sécurité KB90336 | ||
| VMware | vCenter Server | vCenter Server versions 6.7 antérieures à 6.7.0 U3s | ||
| VMware | N/A | Cloud Foundation (ESXi) versions 3.x sans le correctif de sécurité KB90336 | ||
| VMware | N/A | Cloud Foundation (vCenter Server) versions 3.x sans le correctif de sécurité KB90336 | ||
| VMware | ESXi | ESXi versions 7.x antérieures à ESXi70U3si-20841705 | ||
| VMware | ESXi | ESXi versions 6.7 antérieures à ESXi670-202210101-SG | ||
| VMware | N/A | Cloud Foundation (ESXi) versions 4.x sans le correctif de sécurité KB90336 | ||
| VMware | vCenter Server | vCenter Server versions 6.5 antérieures 6.5 U3u | ||
| VMware | ESXi | ESXi versions 6.5 antérieures à ESXi650-202210101-SG | ||
| VMware | vCenter Server | vCenter Server versions 7.x antérieures à 7.0 U3i |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Foundation (vCenter Server) versions 4.x sans le correctif de s\u00e9curit\u00e9 KB90336",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 6.7 ant\u00e9rieures \u00e0 6.7.0 U3s",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions 3.x sans le correctif de s\u00e9curit\u00e9 KB90336",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (vCenter Server) versions 3.x sans le correctif de s\u00e9curit\u00e9 KB90336",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 7.x ant\u00e9rieures \u00e0 ESXi70U3si-20841705",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 6.7 ant\u00e9rieures \u00e0 ESXi670-202210101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions 4.x sans le correctif de s\u00e9curit\u00e9 KB90336",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 6.5 ant\u00e9rieures 6.5 U3u",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 6.5 ant\u00e9rieures \u00e0 ESXi650-202210101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 7.x ant\u00e9rieures \u00e0 7.0 U3i",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31699",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31699"
},
{
"name": "CVE-2022-31698",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31698"
},
{
"name": "CVE-2022-31696",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31696"
},
{
"name": "CVE-2022-31697",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31697"
}
],
"initial_release_date": "2022-12-09T00:00:00",
"last_revision_date": "2022-12-09T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-1086",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-12-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer un contournement de\nla politique de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nun d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2022-0030 du 08 d\u00e9cembre 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0030.html"
}
]
}
CERTFR-2022-AVI-892
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMWare. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | ESXi | ESXi versions 7.0 antérieures à ESXi70U3sf-20036586 | ||
| VMware | N/A | Cloud Foundation (ESXi) versions 3.x sans le dernier correctif de sécurité | ||
| VMware | ESXi | ESXi versions 6.7 antérieures à ESXi670-202210101-SG | ||
| VMware | vCenter Server | vCenter Server versions 6.5 antérieures à 6.5 U3u | ||
| VMware | ESXi | ESXi versions 6.5 antérieures à ESXi650-202210101-SG | ||
| VMware | N/A | Cloud Foundation (ESXi) versions 4.x sans le dernier correctif de sécurité |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESXi versions 7.0 ant\u00e9rieures \u00e0 ESXi70U3sf-20036586",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions 3.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 6.7 ant\u00e9rieures \u00e0 ESXi670-202210101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 6.5 ant\u00e9rieures \u00e0 6.5 U3u",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 6.5 ant\u00e9rieures \u00e0 ESXi650-202210101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions 4.x sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31681",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31681"
},
{
"name": "CVE-2022-31680",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31680"
}
],
"initial_release_date": "2022-10-10T00:00:00",
"last_revision_date": "2022-10-10T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-892",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-10-10T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMWare. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMWare",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2022-0025 du 06 octobre 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0025.html"
}
]
}
CERTFR-2022-AVI-638
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | vCenter Server | vCenter Server version 6.7 antérieure à 6.7 U3r | ||
| VMware | N/A | Cloud Foundation (vCenter Server) versions 3.x | ||
| VMware | N/A | Cloud Foundation (ESXi) versions 4.x sans le correctif de sécurité KB88695 | ||
| VMware | N/A | VMware vRealize Log Insight versions 8.x antérieures à 8.8.2 | ||
| VMware | ESXi | ESXi version 7.0 sans le correctif de sécurité ESXi70U3sf-20036586 | ||
| VMware | vCenter Server | vCenter Server version 6.5 antérieure à 6.5 U3t | ||
| VMware | ESXi | ESXi version 6.7 sans le correctif de sécurité ESXi670-202207401-SG | ||
| VMware | ESXi | ESXi version 6.5 sans le correctif de sécurité ESXi650-202207401-SG | ||
| VMware | N/A | Cloud Foundation (vCenter Server) versions 4.x sans le correctif de sécurité KB88287 | ||
| VMware | vCenter Server | vCenter Server version 7.0 antérieure à 7.0 U3f | ||
| VMware | N/A | Cloud Foundation (ESXi) versions 3.x sans le correctif de sécurité KB88927 |
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "vCenter Server version 6.7 ant\u00e9rieure \u00e0 6.7 U3r",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (vCenter Server) versions 3.x",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions 4.x sans le correctif de s\u00e9curit\u00e9 KB88695",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware vRealize Log Insight versions 8.x ant\u00e9rieures \u00e0 8.8.2",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi version 7.0 sans le correctif de s\u00e9curit\u00e9 ESXi70U3sf-20036586",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server version 6.5 ant\u00e9rieure \u00e0 6.5 U3t",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi version 6.7 sans le correctif de s\u00e9curit\u00e9 ESXi670-202207401-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi version 6.5 sans le correctif de s\u00e9curit\u00e9 ESXi650-202207401-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (vCenter Server) versions 4.x sans le correctif de s\u00e9curit\u00e9 KB88287",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server version 7.0 ant\u00e9rieure \u00e0 7.0 U3f",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions 3.x sans le correctif de s\u00e9curit\u00e9 KB88927",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-23825",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23825"
},
{
"name": "CVE-2022-29901",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-29901"
},
{
"name": "CVE-2022-31655",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31655"
},
{
"name": "CVE-2022-22982",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22982"
},
{
"name": "CVE-2022-28693",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-28693"
},
{
"name": "CVE-2022-23816",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23816"
},
{
"name": "CVE-2022-31654",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31654"
},
{
"name": "CVE-2021-22048",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22048"
}
],
"initial_release_date": "2022-07-15T00:00:00",
"last_revision_date": "2022-07-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-638",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-07-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2022-0018 du 12 juillet 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0018.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2022-0020 du 12 juillet 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0020.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2022-0019 du 12 juillet 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0019.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2021-0025 mis \u00e0 jour le 12 juillet 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0025.html"
}
]
}
CERTFR-2022-AVI-550
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans VMware ESXi. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | ESXi | ESXi versions 6.5.x sans le correctif de sécurité KB88632 | ||
| VMware | ESXi | Cloud Foundation (ESXi) 4.x toutes versions | ||
| VMware | ESXi | ESXi versions 6.7.x antérieures à ESXi670-202206101-SG sans le correctif de sécurité KB88632 | ||
| VMware | ESXi | Cloud Foundation (ESXi) 3.x sans le correctif de sécurité KB88707 | ||
| VMware | ESXi | ESXi versions 7.x antérieures à ESXi70U3e-19898904 sans le correctif de sécurité KB88632 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "ESXi versions 6.5.x sans le correctif de s\u00e9curit\u00e9 KB88632",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) 4.x toutes versions",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 6.7.x ant\u00e9rieures \u00e0 ESXi670-202206101-SG sans le correctif de s\u00e9curit\u00e9 KB88632",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) 3.x sans le correctif de s\u00e9curit\u00e9 KB88707",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 7.x ant\u00e9rieures \u00e0 ESXi70U3e-19898904 sans le correctif de s\u00e9curit\u00e9 KB88632",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-21166",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21166"
},
{
"name": "CVE-2022-21125",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21125"
},
{
"name": "CVE-2022-21123",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21123"
}
],
"initial_release_date": "2022-06-15T00:00:00",
"last_revision_date": "2022-06-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-550",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware ESXi. Elles\npermettent \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans VMware ESXi",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2022-0016 du 14 juin 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0016.html"
}
]
}
CERTFR-2022-AVI-148
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Fusion | VMware Fusion versions 12.x antérieures à 12.2.1 | ||
| VMware | ESXi | VMware ESXi versions 6.5 antérieures à ESXi650-202202401-SG ou ESXi650-202110101-SG | ||
| VMware | ESXi | VMware ESXi versions 7.0 U2 antérieures à ESXi70U2e-19290878 | ||
| VMware | N/A | VMware Workstation versions 16.x antérieures à 16.2.1 | ||
| VMware | ESXi | VMware ESXi versions 6.7 antérieures à ESXi670-202111101-SG | ||
| VMware | ESXi | VMware ESXi versions 7.0 U1 antérieures à ESXi70U1e-19324898 | ||
| VMware | ESXi | VMware ESXi versions 7.0 U3 antérieures à ESXi70U3c-19193900 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Fusion versions 12.x ant\u00e9rieures \u00e0 12.2.1",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 6.5 ant\u00e9rieures \u00e0 ESXi650-202202401-SG ou ESXi650-202110101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 7.0 U2 ant\u00e9rieures \u00e0 ESXi70U2e-19290878",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Workstation versions 16.x ant\u00e9rieures \u00e0 16.2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 6.7 ant\u00e9rieures \u00e0 ESXi670-202111101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 7.0 U1 ant\u00e9rieures \u00e0 ESXi70U1e-19324898",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 7.0 U3 ant\u00e9rieures \u00e0 ESXi70U3c-19193900",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-22042",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22042"
},
{
"name": "CVE-2021-22041",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22041"
},
{
"name": "CVE-2021-22043",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22043"
},
{
"name": "CVE-2021-22050",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22050"
},
{
"name": "CVE-2021-22040",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22040"
}
],
"initial_release_date": "2022-02-15T00:00:00",
"last_revision_date": "2022-02-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-148",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware 2022-0004 du 15 f\u00e9vrier 2022",
"url": "https://www.vmware.com/security/advisories/VMSA-2022-0004.html"
}
]
}
CERTFR-2021-AVI-529
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un déni de service à distance, un contournement de la politique de sécurité et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | ESXi | VMware ESXi versions 6.7 antérieures à ESXi670-202103101-SG | ||
| VMware | Cloud Foundation | VMware Cloud Foundation versions 3.x antérieures à 3.10.2 | ||
| VMware | N/A | VMware ThinApp versions 5.x antérieures à 5.2.10 | ||
| VMware | ESXi | VMware ESXi versions 6.5 antérieures à ESXi650-202107401-SG | ||
| VMware | Cloud Foundation | VMware Cloud Foundation versions 4.x | ||
| VMware | ESXi | VMware ESXi versions 7.0 antérieures à ESXi70U2-17630552 |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware ESXi versions 6.7 ant\u00e9rieures \u00e0 ESXi670-202103101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 3.x ant\u00e9rieures \u00e0 3.10.2",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ThinApp versions 5.x ant\u00e9rieures \u00e0 5.2.10",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 6.5 ant\u00e9rieures \u00e0 ESXi650-202107401-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 4.x",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 7.0 ant\u00e9rieures \u00e0 ESXi70U2-17630552",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-21994",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21994"
},
{
"name": "CVE-2021-22000",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-22000"
},
{
"name": "CVE-2021-21995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21995"
}
],
"initial_release_date": "2021-07-16T00:00:00",
"last_revision_date": "2021-07-16T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-529",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-07-16T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance, un contournement de la politique de s\u00e9curit\u00e9 et une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2021-0015 du 13 juillet 2021",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0015.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2021-0014 du 13 juillet 2021",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0014.html"
}
]
}
CERTFR-2021-AVI-145
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMWare. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | Cloud Foundation (ESXi) versions antérieures à 4.2 | ||
| VMware | N/A | Cloud Foundation (vCenter Server) versions antérieures à 4.2 | ||
| VMware | vCenter Server | vCenter Server versions antérieures à 6.7 U3l | ||
| VMware | ESXi | ESXi versions antérieures à ESXi670-202102401-SG | ||
| VMware | ESXi | ESXi versions antérieures à ESXi70U1c-17325551 | ||
| VMware | N/A | Cloud Foundation (ESXi) versions antérieures à 3.10.1.2 ou sans le correctif de sécurité KB82705 | ||
| VMware | vCenter Server | vCenter Server versions antérieures à 6.5 U3n | ||
| VMware | vCenter Server | vCenter Server versions antérieures à 7.0 U1c | ||
| VMware | ESXi | ESXi versions antérieures à ESXi650-202102101-SG | ||
| VMware | N/A | Cloud Foundation (vCenter Server) versions antérieures à 3.10.1.2 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cloud Foundation (ESXi) versions ant\u00e9rieures \u00e0 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (vCenter Server) versions ant\u00e9rieures \u00e0 4.2",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions ant\u00e9rieures \u00e0 6.7 U3l",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions ant\u00e9rieures \u00e0 ESXi670-202102401-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions ant\u00e9rieures \u00e0 ESXi70U1c-17325551",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions ant\u00e9rieures \u00e0 3.10.1.2 ou sans le correctif de s\u00e9curit\u00e9 KB82705",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions ant\u00e9rieures \u00e0 6.5 U3n",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions ant\u00e9rieures \u00e0 7.0 U1c",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions ant\u00e9rieures \u00e0 ESXi650-202102101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (vCenter Server) versions ant\u00e9rieures \u00e0 3.10.1.2",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-21973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21973"
},
{
"name": "CVE-2021-21972",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21972"
},
{
"name": "CVE-2021-21974",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21974"
}
],
"initial_release_date": "2021-02-24T00:00:00",
"last_revision_date": "2021-02-24T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-145",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-02-24T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMWare. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMWare",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMWare VMSA-2021-0002 du 23 f\u00e9vrier 2021",
"url": "https://www.vmware.com/security/advisories/VMSA-2021-0002.html"
}
]
}
CERTFR-2020-AVI-831
Vulnerability from certfr_avis
Une vulnérabilité a été découverte dans les produits VMware. Elle permet à un attaquant de provoquer un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | Fusion | VMware Fusion versions 12.x antérieures à 12.0 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation versions 4.x | ||
| VMware | N/A | VMware Workstation versions 16.x antérieures à 16.0 | ||
| VMware | N/A | VMware Workstation versions 15.x antérieures à 15.5.7 | ||
| VMware | Fusion | VMware Fusion versions 11.x antérieures à 11.5.7 | ||
| VMware | ESXi | VMware ESXi versions 7.x sans la mise à jour ESXi70U1c-17325551 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Fusion versions 12.x ant\u00e9rieures \u00e0 12.0",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 4.x",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Workstation versions 16.x ant\u00e9rieures \u00e0 16.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Workstation versions 15.x ant\u00e9rieures \u00e0 15.5.7",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Fusion versions 11.x ant\u00e9rieures \u00e0 11.5.7",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 7.x sans la mise \u00e0 jour ESXi70U1c-17325551",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3999",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3999"
}
],
"initial_release_date": "2020-12-18T00:00:00",
"last_revision_date": "2020-12-18T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-831",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-12-18T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans les produits VMware. Elle permet\n\u00e0 un attaquant de provoquer un d\u00e9ni de service.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 WMware VMSA-2020-0029 du 17 d\u00e9cembre 2020",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0029.html"
}
]
}
CERTFR-2020-AVI-767
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans VMware les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | VMware Workstation Pro / Player (Workstation) versions 15.x antérieures à 15.5.7 | ||
| VMware | ESXi | VMware ESXi versions 7.x antérieures à ESXi70U1b-17168206 | ||
| VMware | Fusion | VMware Fusion Pro / Fusion sur OS X versions 11.5.x antérieures à 11.5.7 | ||
| VMware | ESXi | VMware ESXi versions 6.7.x antérieures à ESXi670-202011101-SG | ||
| VMware | ESXi | VMware ESXi versions 6.5.x antérieures à ESXi650-202011301-SG | ||
| VMware | Cloud Foundation | VMware Cloud Foundation versions 4.x | ||
| VMware | Cloud Foundation | VMware Cloud Foundation versions 3.x |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "VMware Workstation Pro / Player (Workstation) versions 15.x ant\u00e9rieures \u00e0 15.5.7",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 7.x ant\u00e9rieures \u00e0 ESXi70U1b-17168206",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Fusion Pro / Fusion sur OS X versions 11.5.x ant\u00e9rieures \u00e0 11.5.7",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 6.7.x ant\u00e9rieures \u00e0 ESXi670-202011101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware ESXi versions 6.5.x ant\u00e9rieures \u00e0 ESXi650-202011301-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 4.x",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation versions 3.x",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-4005",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4005"
},
{
"name": "CVE-2020-4004",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-4004"
}
],
"initial_release_date": "2020-11-20T00:00:00",
"last_revision_date": "2020-11-20T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-767",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-11-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans VMware les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2020-0026 du 19 novembre 2020",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0026.html"
}
]
}
CERTFR-2020-AVI-658
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service, une atteinte à l'intégrité et à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | N/A | vCenter 6.7.x versions antérieures à 6.7 U3 | ||
| VMware | ESXi | ESXi 7.0.x versions antérieures à ESXi_7.0.1-0.0.16850804 | ||
| VMware | N/A | vCenter 6.5.x versions antérieures à 6.5 U3K | ||
| VMware | Fusion | Fusion 11.x versions antérieures à 11.5.6 | ||
| VMware | NSX | NSX-T 3.x versions antérieures à 3.0.2 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation 3.x versions antérieures à 3.10.1.1 | ||
| VMware | ESXi | ESXi 6.7.x versions antérieures à ESXi670-202010401-SG | ||
| VMware | NSX | NSX-T 2.5.x versions antérieures à 2.5.2.2.0 | ||
| VMware | Cloud Foundation | VMware Cloud Foundation 4.x versions antérieures à 4.1 | ||
| VMware | ESXi | ESXi 6.5.x versions antérieures à ESXi650-202010401-SG | ||
| VMware | N/A | Workstation 15.x toutes versions |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "vCenter 6.7.x versions ant\u00e9rieures \u00e0 6.7 U3",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi 7.0.x versions ant\u00e9rieures \u00e0 ESXi_7.0.1-0.0.16850804",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter 6.5.x versions ant\u00e9rieures \u00e0 6.5 U3K",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Fusion 11.x versions ant\u00e9rieures \u00e0 11.5.6",
"product": {
"name": "Fusion",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NSX-T 3.x versions ant\u00e9rieures \u00e0 3.0.2",
"product": {
"name": "NSX",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation 3.x versions ant\u00e9rieures \u00e0 3.10.1.1",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi 6.7.x versions ant\u00e9rieures \u00e0 ESXi670-202010401-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "NSX-T 2.5.x versions ant\u00e9rieures \u00e0 2.5.2.2.0",
"product": {
"name": "NSX",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "VMware Cloud Foundation 4.x versions ant\u00e9rieures \u00e0 4.1",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi 6.5.x versions ant\u00e9rieures \u00e0 ESXi650-202010401-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Workstation 15.x toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3981",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3981"
},
{
"name": "CVE-2020-3994",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3994"
},
{
"name": "CVE-2020-3993",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3993"
},
{
"name": "CVE-2020-3995",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3995"
},
{
"name": "CVE-2020-3982",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3982"
},
{
"name": "CVE-2020-3992",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3992"
}
],
"initial_release_date": "2020-10-20T00:00:00",
"last_revision_date": "2020-10-20T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-658",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-10-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire, un d\u00e9ni de service, une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2020-0023 du 20 octobre 2020",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
}
]
}
CERTFR-2020-AVI-520
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans les produits VMware. Elles permettent à un attaquant de provoquer un déni de service à distance et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| VMware | vCenter Server | vCenter Server versions 6.7.x antérieures à 6.7u3j | ||
| VMware | N/A | App Volumes versions 4.x antérieures à 2006 | ||
| VMware | N/A | Cloud Foundation (ESXi) versions 4.x antérieures à 4.0.1 | ||
| VMware | N/A | App Volumes versions 2.x antérieures à 2.18.6 | ||
| VMware | vCenter Server | vCenter Server versions 7.0.x antérieures à 7.0.0b | ||
| VMware | N/A | Cloud Foundation (ESXi) versions 3.x antérieures à 3.10.0 | ||
| VMware | Cloud Foundation | Cloud Foundation (vCenter) versions 4.x antérieures à 4.0.1 | ||
| VMware | ESXi | ESXi versions 7.0.x antérieures à ESXi_7.0.0-1.25.16324942 | ||
| VMware | ESXi | ESXi versions 6.7.x antérieures à ESXi670-202008101-SG ou ESXi670-202008401-BG | ||
| VMware | vCenter Server | vCenter Server versions 6.5.x antérieures à 6.5u3k | ||
| VMware | ESXi | ESXi versions 6.5.x antérieures à ESXi650-202007401-BG ou ESXi650-202007101-SG | ||
| VMware | Cloud Foundation | Cloud Foundation (vCenter) versions 3.x antérieures à 3.10.1 (date de disponibilité non annoncée) |
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "vCenter Server versions 6.7.x ant\u00e9rieures \u00e0 6.7u3j",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Volumes versions 4.x ant\u00e9rieures \u00e0 2006",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions 4.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "App Volumes versions 2.x ant\u00e9rieures \u00e0 2.18.6",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 7.0.x ant\u00e9rieures \u00e0 7.0.0b",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (ESXi) versions 3.x ant\u00e9rieures \u00e0 3.10.0",
"product": {
"name": "N/A",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (vCenter) versions 4.x ant\u00e9rieures \u00e0 4.0.1",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 7.0.x ant\u00e9rieures \u00e0 ESXi_7.0.0-1.25.16324942",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 6.7.x ant\u00e9rieures \u00e0 ESXi670-202008101-SG ou ESXi670-202008401-BG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "vCenter Server versions 6.5.x ant\u00e9rieures \u00e0 6.5u3k",
"product": {
"name": "vCenter Server",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "ESXi versions 6.5.x ant\u00e9rieures \u00e0 ESXi650-202007401-BG ou ESXi650-202007101-SG",
"product": {
"name": "ESXi",
"vendor": {
"name": "VMware",
"scada": false
}
}
},
{
"description": "Cloud Foundation (vCenter) versions 3.x ant\u00e9rieures \u00e0 3.10.1 (date de disponibilit\u00e9 non annonc\u00e9e)",
"product": {
"name": "Cloud Foundation",
"vendor": {
"name": "VMware",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-3975",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3975"
},
{
"name": "CVE-2020-3976",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-3976"
}
],
"initial_release_date": "2020-08-21T00:00:00",
"last_revision_date": "2020-08-21T00:00:00",
"links": [],
"reference": "CERTFR-2020-AVI-520",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-08-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nVMware. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service\n\u00e0 distance et une injection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits VMware",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2020-0018 du 20 ao\u00fbt 2020",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0018.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 VMware VMSA-2020-0019 du 20 ao\u00fbt 2020",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0019.html"
}
]
}
CVE-2025-22226 (GCVE-0-2025-22226)
Vulnerability from nvd
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure vulnerability
Summary
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | ESXi |
Version: 8.0 < ESXi80U3d-24585383 Version: 8.0 < ESXi80U2d-24585300 Version: 7.0 < ESXi70U3s-24585291 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22226",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:25.321408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:26.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22226 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Workstation",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "VMware Fusion",
"vendor": "n/a",
"versions": [
{
"lessThan": "13.6.3",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, and Fusion contain\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;an information disclosure \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edue to an out-of-bounds read in HGFS.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain\u00a0an information disclosure vulnerability due to an out-of-bounds read in HGFS.\u00a0A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:57.541Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22226",
"datePublished": "2025-03-04T11:56:57.541Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:26.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22225 (GCVE-0-2025-22225)
Vulnerability from nvd
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary write vulnerability
Summary
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware ESXi |
Version: 8.0 < ESXi80U3d-24585383 Version: 8.0 < ESXi80U2d-24585300 Version: 7.0 < ESXi70U3s-24585291 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22225",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:23.988843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "CWE-123 Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:27.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22225 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi contains an \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003earbitrary write\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi contains an arbitrary write\u00a0vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary write vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:27.537Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22225",
"datePublished": "2025-03-04T11:56:27.537Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:27.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22224 (GCVE-0-2025-22224)
Vulnerability from nvd
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Heap-overflow vulnerability
Summary
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Version: 8.0 < ESXi80U3d-24585383 Version: 8.0 < ESXi80U2d-24585300 Version: 7.0 < ESXi70U3s-24585291 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22224",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:22.499570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:28.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22224 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, and Workstation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:39:46.987Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22224",
"datePublished": "2025-03-04T11:56:12.317Z",
"dateReserved": "2025-01-02T04:29:30.445Z",
"dateUpdated": "2025-10-21T22:55:28.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37085 (GCVE-0-2024-37085)
Vulnerability from nvd
Published
2024-06-25 14:16
Modified
2025-10-21 22:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authentication bypass vulnerability
Summary
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware ESXi |
Version: 8.0 < ESXi80U3-24022510 Version: 7.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "esxi",
"vendor": "vmware",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.2",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vmware:esxi:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "esxi",
"vendor": "vmware",
"versions": [
{
"lessThan": "ESXi80U3-24022510",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37085",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T03:55:22.790428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:56:21.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00+00:00",
"value": "CVE-2024-37085 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3-24022510",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-25T01:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware ESXi contains an authentication bypass vulnerability.\u0026nbsp;A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously\u003cstrong\u003e\u003cem\u003e \u003c/em\u003e\u003c/strong\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html\"\u003econfigured to use AD for user management\u003c/a\u003e\u003cstrong\u003e\u003cem\u003e \u003c/em\u003e\u003c/strong\u003eby re-creating the configured AD group (\u0027ESXi Admins\u0027 by default) after it was deleted from AD."
}
],
"value": "VMware ESXi contains an authentication bypass vulnerability.\u00a0A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group (\u0027ESXi Admins\u0027 by default) after it was deleted from AD."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:16:01.280Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37085",
"datePublished": "2024-06-25T14:16:01.280Z",
"dateReserved": "2024-06-03T05:40:17.632Z",
"dateUpdated": "2025-10-21T22:56:21.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29552 (GCVE-0-2023-29552)
Vulnerability from nvd
Published
2023-04-25 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:14:38.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2608"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000021051"
},
{
"tags": [
"x_transferred"
],
"url": "https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/curesec/slpload"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230426-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29552",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T21:15:30.516372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-11-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29552"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:48.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29552"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-08T00:00:00+00:00",
"value": "CVE-2023-29552 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T21:06:12.748Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc2608"
},
{
"url": "https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp"
},
{
"url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks"
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000021051"
},
{
"url": "https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html"
},
{
"url": "https://github.com/curesec/slpload"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230426-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29552",
"datePublished": "2023-04-25T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:48.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3992 (GCVE-0-2020-3992)
Vulnerability from nvd
Published
2020-10-20 16:11
Modified
2025-10-21 23:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote code execution vulnerability
Summary
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware ESXi |
Version: VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1377/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1385/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-3992",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:59:04.045831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3992"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:35.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3992"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2020-3992 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T23:06:15.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1377/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1385/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1377/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1377/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1385/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1385/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3992",
"datePublished": "2020-10-20T16:11:13.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:35.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22226 (GCVE-0-2025-22226)
Vulnerability from cvelistv5
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information disclosure vulnerability
Summary
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | ESXi |
Version: 8.0 < ESXi80U3d-24585383 Version: 8.0 < ESXi80U2d-24585300 Version: 7.0 < ESXi70U3s-24585291 |
|||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22226",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:25.321408Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:26.649Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22226"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22226 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Workstation",
"vendor": "n/a",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "VMware Fusion",
"vendor": "n/a",
"versions": [
{
"lessThan": "13.6.3",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, Workstation, and Fusion contain\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;an information disclosure \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edue to an out-of-bounds read in HGFS.\u0026nbsp;\u003c/span\u003eA malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, Workstation, and Fusion contain\u00a0an information disclosure vulnerability due to an out-of-bounds read in HGFS.\u00a0A malicious actor with administrative privileges to a virtual machine may be able to exploit this issue to leak memory from the vmx process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:57.541Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22226",
"datePublished": "2025-03-04T11:56:57.541Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:26.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22225 (GCVE-0-2025-22225)
Vulnerability from cvelistv5
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Arbitrary write vulnerability
Summary
VMware ESXi contains an arbitrary write vulnerability. A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware ESXi |
Version: 8.0 < ESXi80U3d-24585383 Version: 8.0 < ESXi80U2d-24585300 Version: 7.0 < ESXi70U3s-24585291 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22225",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:23.988843Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-123",
"description": "CWE-123 Write-what-where Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:27.903Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22225"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22225 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Platform",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Telco Cloud Infrastructure",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi contains an \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003earbitrary write\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003evulnerability.\u0026nbsp;\u003c/span\u003eA malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi contains an arbitrary write\u00a0vulnerability.\u00a0A malicious actor with privileges within the VMX process may trigger an arbitrary kernel write leading to an escape of the sandbox."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Arbitrary write vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-04T11:56:27.537Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22225",
"datePublished": "2025-03-04T11:56:27.537Z",
"dateReserved": "2025-01-02T04:29:59.190Z",
"dateUpdated": "2025-10-21T22:55:27.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22224 (GCVE-0-2025-22224)
Vulnerability from cvelistv5
Published
2025-03-04 11:56
Modified
2025-10-21 22:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Heap-overflow vulnerability
Summary
VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| VMware | ESXi |
Version: 8.0 < ESXi80U3d-24585383 Version: 8.0 < ESXi80U2d-24585300 Version: 7.0 < ESXi70U3s-24585291 |
||||||||||||||||||||||
|
||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22224",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:22.499570Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:28.319Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-22224"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2025-22224 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ESXi",
"vendor": "VMware",
"versions": [
{
"lessThan": "ESXi80U3d-24585383",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi80U2d-24585300",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"lessThan": "ESXi70U3s-24585291",
"status": "affected",
"version": "7.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.6.3",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.5.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Platform",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "5.x, 4.x, 3.x, 2.x"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Telco Cloud Infrastructure",
"vendor": "VMware",
"versions": [
{
"status": "affected",
"version": "3.x, 2.x"
}
]
}
],
"datePublic": "2025-03-04T11:33:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware ESXi, and Workstation\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware ESXi, and Workstation\u00a0contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write.\u00a0A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine\u0027s VMX process running on the host."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Heap-overflow vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-03T14:39:46.987Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22224",
"datePublished": "2025-03-04T11:56:12.317Z",
"dateReserved": "2025-01-02T04:29:30.445Z",
"dateUpdated": "2025-10-21T22:55:28.319Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-37085 (GCVE-0-2024-37085)
Vulnerability from cvelistv5
Published
2024-06-25 14:16
Modified
2025-10-21 22:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Authentication bypass vulnerability
Summary
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | VMware ESXi |
Version: 8.0 < ESXi80U3-24022510 Version: 7.0 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "esxi",
"vendor": "vmware",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:5.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.2",
"status": "affected",
"version": "5.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "cloud_foundation",
"vendor": "vmware",
"versions": [
{
"lessThan": "5.0",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:vmware:esxi:8.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "esxi",
"vendor": "vmware",
"versions": [
{
"lessThan": "ESXi80U3-24022510",
"status": "affected",
"version": "8.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37085",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-31T03:55:22.790428Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-30",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "CWE-305 Authentication Bypass by Primary Weakness",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:56:21.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-37085"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-30T00:00:00+00:00",
"value": "CVE-2024-37085 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T03:43:50.997Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"lessThan": "ESXi80U3-24022510",
"status": "affected",
"version": "8.0",
"versionType": "custom"
},
{
"status": "affected",
"version": "7.0"
}
]
},
{
"defaultStatus": "unaffected",
"product": "VMware Cloud Foundation",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "5.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"datePublic": "2024-06-25T01:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware ESXi contains an authentication bypass vulnerability.\u0026nbsp;A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously\u003cstrong\u003e\u003cem\u003e \u003c/em\u003e\u003c/strong\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html\"\u003econfigured to use AD for user management\u003c/a\u003e\u003cstrong\u003e\u003cem\u003e \u003c/em\u003e\u003c/strong\u003eby re-creating the configured AD group (\u0027ESXi Admins\u0027 by default) after it was deleted from AD."
}
],
"value": "VMware ESXi contains an authentication bypass vulnerability.\u00a0A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group (\u0027ESXi Admins\u0027 by default) after it was deleted from AD."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-25T14:16:01.280Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-37085",
"datePublished": "2024-06-25T14:16:01.280Z",
"dateReserved": "2024-06-03T05:40:17.632Z",
"dateUpdated": "2025-10-21T22:56:21.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-29552 (GCVE-0-2023-29552)
Vulnerability from cvelistv5
Published
2023-04-25 00:00
Modified
2025-10-21 23:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:14:38.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2608"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.suse.com/support/kb/doc/?id=000021051"
},
{
"tags": [
"x_transferred"
],
"url": "https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/curesec/slpload"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230426-0001/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-29552",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-28T21:15:30.516372Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-11-08",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29552"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:05:48.255Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-29552"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-08T00:00:00+00:00",
"value": "CVE-2023-29552 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-26T21:06:12.748Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc2608"
},
{
"url": "https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp"
},
{
"url": "https://blogs.vmware.com/security/2023/04/vmware-response-to-cve-2023-29552-reflective-denial-of-service-dos-amplification-vulnerability-in-slp.html"
},
{
"url": "https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks"
},
{
"url": "https://www.suse.com/support/kb/doc/?id=000021051"
},
{
"url": "https://curesec.com/blog/article/CVE-2023-29552-Service-Location-Protocol-Denial-of-Service-Amplification-Attack-212.html"
},
{
"url": "https://github.com/curesec/slpload"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230426-0001/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-29552",
"datePublished": "2023-04-25T00:00:00.000Z",
"dateReserved": "2023-04-07T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:05:48.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-3992 (GCVE-0-2020-3992)
Vulnerability from cvelistv5
Published
2020-10-20 16:11
Modified
2025-10-21 23:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Remote code execution vulnerability
Summary
OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | VMware ESXi |
Version: VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T07:52:20.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1377/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1385/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2020-3992",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T17:59:04.045831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3992"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:35.278Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3992"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2020-3992 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "VMware ESXi",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution vulnerability",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-25T23:06:15.000Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1377/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1385/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"ID": "CVE-2020-3992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VMware ESXi",
"version": {
"version_data": [
{
"version_value": "VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202010401-SG, 6.5 before ESXi650-202010401-SG) has a use-after-free issue. A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html",
"refsource": "MISC",
"url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1377/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1377/"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1385/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1385/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2020-3992",
"datePublished": "2020-10-20T16:11:13.000Z",
"dateReserved": "2019-12-30T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:35.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}