National Cyber Warfare Foundation (NCWF) Forums


VMWare releases Fusion vulnerability with 8.8 rating


0 user ratings
2024-09-03 16:06:15
milo
Blue Team (CND)

The company issued a patch for the high-severity bug that allows arbitrary code execution.


The post VMWare releases Fusion vulnerability with 8.8 rating appeared first on CyberScoop.



A critical vulnerability in VMWare Fusion that allows code execution in the program with standard user privileges was released last Wednesday, according to Broadcom.





The security advisory is for version 13.x until 13.6 on the popular virtualization software for macOS. The bug — CVE-2024-38811 — has a CVSSv3 base score of 8.8 and is caused by an insecure environment variable. Mykola Grymalyuk of RIPEDA Consulting reported the vulnerability and VMWare has issued a patched version of the software.





The vulnerability allows a user with standard privileges to execute code within the Fusion application.





Ransomware actors have long used VMWare products for initial access and further digital extortion. The new ransomware variant Cicada3301 is known to use a vulnerability in VMWare ESXi systems. 


The post VMWare releases Fusion vulnerability with 8.8 rating appeared first on CyberScoop.



Source: CyberScoop
Source Link: https://cyberscoop.com/vmware-vulnerability-fushion-cve-2024-38811/


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Blue Team (CND)



Copyright 2012 through 2024 - National Cyber Warfare Foundation - All rights reserved worldwide.