Description
VMware ESXi contains a denial-of-service vulnerability that occurs when performing a guest operation. A malicious actor with guest operation privileges on a VM, who is already authenticated through vCenter Server or ESXi may trigger this issue to create a denial-of-service condition of guest VMs with VMware Tools running and guest operations enabled.
CVSS breakdown
CVSS 3.1
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Affected products
- VMware / Cloud Foundation5.x, 4.5.x – 5.x, 4.5.x
- VMware / ESXi8.0 – ESXi80U3se-24659227
- VMware / ESXi7.0 – ESXi70U3sv-24723868
- VMware / Telco Cloud Infrastructure3.x, 2.x – 3.x, 2.x
- VMware / Telco Cloud Platform5.x, 4.x, 3.x, 2.x – 5.x, 4.x, 3.x, 2.x