1.0 Introduction
Recently, VMware released a security advisory addressing multiple vulnerabilities in its products.
2.0 Impact
These vulnerabilities could allow attackers to gain unauthorized access, execute arbitrary commands, cause denial-of-service (DoS) conditions, or perform cross-site scripting (XSS) attacks.
3.0 Affected Products
- VMware Cloud Foundation version prior to 5.2.1.2
- VMware Cloud Foundation 4.5.x
- vCenter Server versions prior to 8.0 U3e and 7.0 U3v
- VMware ESXi versions prior to ESXi80U3se-24659227 and ESXi70U3sv-24723868
- VMware Cloud Foundation (vCenter) versions prior to 8.0 U3e and 7.0 U3v
- VMware Cloud Foundation (ESXi) versions prior to ESXi80U3se-24659227 and ESXi70U3sv-24723868
- VMware Telco Cloud Foundation (ESXi) versions prior to ESXi80U3se-24659227
- VMware Telco Cloud Foundation (vCenter) versions prior to 8.0 U3e
- VMware Telco Cloud Infrastructure (vCenter) versions prior to 8.0 U3e and 7.0 U3v
- VMware Workstation versions prior to 17.6.3
- VMware Fusion versions prior to 13.6.3
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the VMware Advisories and apply the necessary updates.
Kindly refer to the following URL:
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25733
Generally, we advise users to be updated with the latest security announcements by the vendor and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:3the 0 MYT
Web: https://www.mycert.org.my
5.0 References