VMware Workstation and Fusion Vulnerability Audit – VMSA-2024-0006
Discover VMware Workstation and Fusion Installations Vulnerable to CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 in Your IT Estate
VMware has released security updates for ESXi, Workstation, and Fusion in response to 4 new vulnerabilities. Together, the 4 issues are considered critical, with CVSS scores ranging from 7.1 to 9.3. They are 2 use-after-free vulnerabilities in the UHCI USB controller (CVE-2024-22252 and CVE-2024-22253), 1 ESXi out-of-bounds write vulnerability (CVE-2024-22254), and an information disclosure vulnerability in the UHCI USB controller (CVE-2024-22255). If successfully exploited, these issues can lead to remote code execution.
All users are advised to update their installations of VMware ESXi, Workstation, and Fusion to a fixed version as soon as possible. The report below gives you an overview of all vulnerable Workstation and Fusion installations in your network. You can find a similar report for ESXi here. You can read more about these vulnerabilities in the VMware ESXi, Workstation, and Fusion vulnerability blog post.
VMware VMSA-2024-0006 Workstation and Fusion Vulnerability Audit Lansweeper On-Prem Query
Select distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName As Software,
  tblSoftware.softwareVersion As Version,
  Case
    When (tblSoftwareUni.softwareName like '%VMware Workstation%')
      Then '17.5.1 or higher'
  End As [Fixed Version],
  tblSoftwareUni.SoftwarePublisher As Publisher,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  Case
    When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != ''
      Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen,
  tblAssets.Lasttried
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblSoftware On tblAssets.AssetID = tblSoftware.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblSoftware.softID
    AND tblSoftwareUni.softwarename like '%VMware Workstation%'
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID) As ScanningError
    On tblAssets.AssetID = ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType
Where (Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 17
    AND Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) = 5
    AND Cast(ParseName(tblSoftware.softwareVersion, 1) As bigint) < 1)
  or (Cast(ParseName(tblSoftware.softwareVersion, 3) As bigint) = 17
    AND Cast(ParseName(tblSoftware.softwareVersion, 2) As bigint) < 5)
UNION
Select distinct Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName As Software,
  tblMacApplications.Version As Version,
  Case
    When tblSoftwareUni.softwareName like '%vmware fusion%'
      Then '13.5.1 or higher'
  End As [Fixed Version],
  tblSoftwareUni.SoftwarePublisher As Publisher,
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tsysOS.OSname As OS,
  tblAssets.SP,
  Case
    When tblErrors.ErrorText Is Not Null Or tblErrors.ErrorText != ''
      Then 'Scanning Error: ' + tsysasseterrortypes.ErrorMsg
    Else ''
  End As ScanningErrors,
  tblAssets.Lastseen,
  tblAssets.Lasttried
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblMacApplications On tblAssets.AssetID = tblMacApplications.AssetID
  Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblMacApplications.softid
    AND (tblSoftwareUni.softwareName like '%vmware fusion%')
  Left Join tsysOS On tsysOS.OScode = tblAssets.OScode
  Left Join (Select Distinct Top 1000000 tblErrors.AssetID As ID,
      Max(tblErrors.Teller) As ErrorID
    From tblErrors
    Group By tblErrors.AssetID) As ScanningError
    On tblAssets.AssetID = ScanningError.ID
  Left Join tblErrors On ScanningError.ErrorID = tblErrors.Teller
  Left Join tsysasseterrortypes On tsysasseterrortypes.Errortype = tblErrors.ErrorType
Where ((IsNumeric(ParseName(tblMacApplications.Version, 3)) = 1
      AND Cast(ParseName(tblMacApplications.Version, 3) As bigint) = 13)
    AND (IsNumeric(ParseName(tblMacApplications.Version, 2)) = 1
      AND Cast(ParseName(tblMacApplications.Version, 2) As bigint) = 5)
    AND (IsNumeric(ParseName(tblMacApplications.Version, 1)) = 1
      AND Cast(ParseName(tblMacApplications.Version, 1) As bigint) < 1))
  or ((IsNumeric(ParseName(tblMacApplications.Version, 3)) = 1
      AND Cast(ParseName(tblMacApplications.Version, 3) As bigint) = 13)
    AND (IsNumeric(ParseName(tblMacApplications.Version, 2)) = 1
      AND Cast(ParseName(tblMacApplications.Version, 2) As bigint) < 5))
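To check which version strings the report's Where conditions actually match, the following added example (not part of the original Lansweeper report) runs the same ParseName comparison over a handful of constructed version strings on SQL Server. The alias s and the columns Major, Part1 to Part3 and ReportResult are names chosen for this example.

```sql
-- Added example. The rows below are constructed version strings,
-- not data from a Lansweeper database.
Select s.Product,
  s.Version,
  -- ParseName splits on '.' and numbers the parts from the right
  ParseName(s.Version, 3) As Part3,
  ParseName(s.Version, 2) As Part2,
  ParseName(s.Version, 1) As Part1,
  Case
    -- Same comparison as the report: Major.5.x with x < 1, or Major.y with y < 5
    When (Cast(ParseName(s.Version, 3) As bigint) = s.Major
          AND Cast(ParseName(s.Version, 2) As bigint) = 5
          AND Cast(ParseName(s.Version, 1) As bigint) < 1)
      or (Cast(ParseName(s.Version, 3) As bigint) = s.Major
          AND Cast(ParseName(s.Version, 2) As bigint) < 5)
      Then 'listed'
    Else 'not listed'
  End As ReportResult
From (Values
    -- Major is 17 for Workstation and 13 for Fusion, as in the report
    ('VMware Workstation', 17, '17.5.0'),
    ('VMware Workstation', 17, '17.0.2'),
    ('VMware Workstation', 17, '17.5.1'),
    ('VMware Workstation', 17, '17.5.0.1234'),  -- four-part string
    ('VMware Workstation', 17, '17.5'),         -- two-part string
    ('VMware Workstation', 17, '16.2.5'),       -- other major release
    ('VMware Fusion', 13, '13.5.0'),
    ('VMware Fusion', 13, '13.0.2'),
    ('VMware Fusion', 13, '13.5.1')
  ) As s (Product, Major, Version)
Order By s.Product, s.Version
```

Because ParseName numbers the parts from the right, a four-part string such as 17.5.0.1234 has 5 in position 3 and a two-part string such as 17.5 has no position 3 at all, so neither matches the report's conditions even though both are below 17.5.1. Comparing the Part columns against the raw Version values in your own inventory shows whether such strings occur and need a separate check.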