VMware Hyperjacking Vulnerabilities Pose Significant Threat

Critical Vulnerabilities in VMware Products Allow Hackers to Gain Broad Access

Three Critical Vulnerabilities Discovered

Three critical vulnerabilities in multiple virtual-machine products from VMware can give hackers unusually broad access to some of the most sensitive environments inside multiple customers’ networks, the company and outside researchers warned Tuesday.

What is Virtual Machine Escape?

Virtual machines often run inside hosting environments to prevent one customer from being able to access or control the resources of other customers. By breaking out of one customer’s isolated VM environment, a threat actor could take control of the hypervisor that apportions resources to each VM. From there, the attacker could access the VMs of multiple customers, who often use these carefully controlled environments to host their internal networks.

The Consequences of a Successful Attack

"If you can escape to the hypervisor you can access every system," security researcher Kevin Beaumont said on Mastodon. "If you can escape to the hypervisor, all bets are off as a boundary is broken." He added: "With this vuln you’d be able to use it to traverse VMware managed hosting providers, private clouds orgs have built on-prem, etc."

Impacted Products

VMware warned Tuesday that it has evidence suggesting the vulnerabilities are already under active exploitation in the wild. The company didn’t elaborate. Beaumont said the vulnerabilities affect "every supported (and unsupported)" version in VMware’s ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform product lines.

Conclusion

The discovery of these critical vulnerabilities highlights the importance of prioritizing security in virtual-machine products, especially in environments where sensitive data is stored and processed. It is essential for customers to take immediate action to patch these vulnerabilities and ensure their virtual-machine products are properly configured and monitored.

Frequently Asked Questions

Q: What are the affected products?
A: The vulnerabilities affect VMware’s ESXi, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform product lines.

Q: Are the vulnerabilities already being exploited in the wild?
A: VMware says it has evidence suggesting the vulnerabilities are already under active exploitation. The company didn’t elaborate.

Q: How can I protect myself from these vulnerabilities?
A: Customers should take immediate action to patch these vulnerabilities and ensure their virtual-machine products are properly configured and monitored.
