CVE-2024-22270

{"id": "CVE-2024-22270", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.5}]}, "published": "2024-05-14T16:16:12.613", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality.\u00a0A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.\n\n"}, {"lang": "es", "value": "VMware Workstation y Fusion contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad Host Guest File Sharing (HGFS). Un actor malintencionado con privilegios administrativos locales en una m\u00e1quina virtual puede leer informaci\u00f3n privilegiada contenida en la memoria del hipervisor desde una m\u00e1quina virtual."}], "lastModified": "2025-06-27T13:36:04.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA567E5A-412F-4ED3-9434-E0290CDF753F", "versionEndExcluding": "17.5.2", "versionStartIncluding": "17.0.0"}], "operator": "AND"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "373FFB23-C9E8-495D-BD27-6DC875887440", "versionEndExcluding": "13.5.2", "versionStartIncluding": "13.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@vmware.com"}