CVE-2024-22270

CWE-200 — Information Exposure3 documents3 sources

Severity

6.0MEDIUM

EPSS

0.1%

top 76.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Workstation

Timeline

PublishedMay 14

Description

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 2.5 | Impact: 4.0

Affected Packages4 packages

▶CVEListV5vmware_fusion13.x — 13.5.2

▶NVDvmware/fusion13.0.0 — 13.5.2

▶CVEListV5vmware_workstation17.x — 17.5.2

▶NVDvmware/workstation17.0.0 — 17.5.2

🔴Vulnerability Details

CVEList

CVE-2024-22270: VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality↗2024-05-14

▶

GHSA

GHSA-455v-w5mm-7hf6: VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality↗2024-05-14

▶