{"id":168009,"date":"2024-09-03T21:22:40","date_gmt":"2024-09-03T21:22:40","guid":{"rendered":"https:\/\/securityaffairs.com\/?p=168009"},"modified":"2024-09-03T21:26:41","modified_gmt":"2024-09-03T21:26:41","slug":"vmware-fusion-cve-2024-38811","status":"publish","type":"post","link":"https:\/\/securityaffairs.com\/168009\/security\/vmware-fusion-cve-2024-38811.html","title":{"rendered":"VMware fixed a code execution flaw in Fusion hypervisor"},"content":{"rendered":"
<\/div>\n

VMware released a patch to address a high-severity code execution flaw in its Fusion hypervisor, users are urged to apply it. <\/h2>\n\n\n\n

VMware addressed a high-severity code execution vulnerability, tracked as\u00a0CVE-2024-38811<\/a>\u00a0(CVSS 8.8\/10), in its Fusion hypervisor. <\/p>\n\n\n\n

The vulnerability is due to the usage of an insecure environment variable, a threat actor with standard user privileges can trigger the flaw to execute code in the context of the Fusion application.<\/p>\n\n\n\n

“VMware Fusion contains a code-execution vulnerability due to the usage of an insecure environment variable.” reads the advisory<\/strong><\/a> published by the virtualization giant. “A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.”<\/em><\/p>\n\n\n\n

The vulnerability affects VMware Fusion versions 13.x, the company addressed the issue with the version 13.6<\/a>. <\/p>\n\n\n\n

According to the advisory, there are no workarounds available for the vulnerability. It is not clear if the company is aware of attacks in the wild that exploited the flaw.<\/gwmw><\/p>\n\n\n\n

Pierluigi Paganini<\/strong><\/a><\/p>\n\n\n\n

Follow me on Twitter: @securityaffairs<\/strong><\/a> and Facebook<\/strong><\/a> and Mastodon<\/a><\/p>\n\n\n\n

(<\/strong>SecurityAffairs<\/strong><\/a>\u00a0\u2013<\/strong>\u00a0hacking, VMware Fusion<\/a>)<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

VMware released a patch to address a high-severity code execution flaw in its Fusion hypervisor, users are urged to apply it. VMware addressed a high-severity code execution vulnerability, tracked as\u00a0CVE-2024-38811\u00a0(CVSS 8.8\/10), in its Fusion hypervisor. The vulnerability is due to the usage of an insecure environment variable, a threat actor with standard user privileges can […]<\/p>\n","protected":false},"author":1,"featured_media":116235,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3323,55],"tags":[4112,9508,9506,10918,687,841,1533,5034,15341],"class_list":["post-168009","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-breaking-news","category-security","tag-hacking","tag-hacking-news","tag-information-security-news","tag-it-information-security","tag-pierluigi-paganini","tag-security-affairs","tag-security-news","tag-vmware","tag-vmware-fusion"],"yoast_head":"\n杭州江阴科强工业胶带有限公司