漏洞描述
该漏洞存在于VMware ESXi、Workstation和Fusion产品的HGFS(Host-Guest File System)组件中。漏洞源于HGFS组件在处理文件系统请求时的越界读取问题。当系统处理特定的文件系统操作时,由于缺乏适当的边界检查,可能导致内存信息泄露。攻击者需要具有虚拟机管理员权限才能触发此漏洞。该漏洞的根本原因是HGFS组件在进行内存操作时未能正确验证访问边界。
VMware ESXi/Workstation/Fusion HGFS组件越界读取漏洞
PoC代码
暂无相关漏洞推荐
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2021-21972: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-21973: VMware vSphere - Server-Side Request Forgery
- POC CVE-2021-21978: VMware View Planner <4.6 SP1- Remote Code Execution
- POC CVE-2021-21985: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload
- POC CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection
- POC CVE-2022-22972: VMware Workspace ONE Access/Identity Manager/vRealize Automation - Authentication Bypass
- POC CVE-2022-31656: VMware - Local File Inclusion
- POC CVE-2023-20864: VMware Aria Operations for Logs - Unauthenticated Remote Code Execution
- POC CVE-2023-20887: VMware VRealize Network Insight - Remote Code Execution
- POC CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability