cve-2024-22269
Vulnerability from cvelistv5
Published
2024-05-14 12:59
Modified
2024-08-01 22:43
Severity ?
EPSS score ?
Summary
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| N/A | VMware Workstation | |
| N/A | VMware Fusion |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:vmware:vmware_workstation:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vmware_workstation",
"vendor": "vmware",
"versions": [
{
"status": "affected",
"version": "17.0.0"
}
]
},
{
"cpes": [
"cpe:2.3:a:vmware:fusion:13.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "fusion",
"vendor": "vmware",
"versions": [
{
"status": "affected",
"version": "13.0.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22269",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T14:11:37.404757Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:52:42.552Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:33.677Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"Linux"
],
"product": "VMware Workstation",
"vendor": "N/A",
"versions": [
{
"lessThan": "17.5.2",
"status": "affected",
"version": "17.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "VMware Fusion",
"vendor": "N/A",
"versions": [
{
"lessThan": "13.5.2",
"status": "affected",
"version": "13.x",
"versionType": "custom"
}
]
}
],
"datePublic": "2024-05-14T04:50:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eVMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device.\u0026nbsp;\u003c/span\u003eA malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device.\u00a0A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure vulnerability",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-14T12:59:28.869Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2024-22269",
"datePublished": "2024-05-14T12:59:28.869Z",
"dateReserved": "2024-01-08T18:43:17.079Z",
"dateUpdated": "2024-08-01T22:43:33.677Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-22269\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2024-05-14T16:16:10.117\",\"lastModified\":\"2025-06-27T13:34:58.657\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device.\u00a0A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.\\n\\n\"},{\"lang\":\"es\",\"value\":\"VMware Workstation y Fusion contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en el dispositivo vbluetooth. Un actor malintencionado con privilegios administrativos locales en una m\u00e1quina virtual puede leer informaci\u00f3n privilegiada contenida en la memoria del hipervisor desde una m\u00e1quina virtual.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.5,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"AND\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0.0\",\"versionEndExcluding\":\"17.5.2\",\"matchCriteriaId\":\"EA567E5A-412F-4ED3-9434-E0290CDF753F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.5.2\",\"matchCriteriaId\":\"373FFB23-C9E8-495D-BD27-6DC875887440\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}]}],\"references\":[{\"url\":\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.