Vulnerabilities in VMware when chained together grants Full System Control

Threat Advisories

Vulnerabilities in VMware when chained together grants Full System Control

Threat Level
Vulnerability Report

For a detailed advisory, download the pdf file here

Summary

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to organizations about malicious actors using CVE-2022-22954 and CVE-2022-22960. This alert was published following the disclosure of two related vulnerabilities (CVE-2022-22972 and CVE-2022-22973), putting it vulnerable to future exploitation. All these flaws might be exploited separately or in combination to obtain total control.