| This Multi-State Information Sharing and Analysis Center (MS-ISAC) Advisory is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals. |
| Multiple vulnerabilities discovered in VMware ESXi, Workstation, and Fusion could allow for local code execution. VMware ESXi, Workstation, and Fusion are all virtualization products that allow users to run virtual machines (VMs) on their computers. Successful exploitation of these vulnerabilities could allow for local code execution in the context of the administrator account. Threat actors could install programs; view, change, or delete data; or create new accounts with full user rights. |
| Threat Intelligence VMware by Broadcom has information to suggest that exploitations of the vulnerabilities have occurred in the wild. |
| Systems Affected |
| VMware ESXi 8.0, 7.0 VMware Workstation 17.x VMware Fusion 13.x VMware Cloud Foundation 5.x, 4.5x VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x VMware Telco Cloud Infrastructure 3.x, 2.x |
| Risk Government: – Large and medium government entities: High – Small government entities: Medium |
| Businesses: – Large and medium business entities: High – Small business entities: Medium |
| Home Users: Low |
| Recommendations |
| Apply appropriate patches provided by VMware to vulnerable systems immediately after appropriate testing. Restrict use of certain websites, block downloads/attachments, block JavaScript, restrict browser extensions, etc. Apply the Principle of Least Privilege to all systems and services. Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack. Block execution of code on a system through application control, and/or script blocking. Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries. |