{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-091.pdf"
    },
    "title": "High Severity Vulnerability in VMware Fusion for MacOS",
    "serial_number": "2024-091",
    "publish_date": "04-09-2024 07:49:34",
    "description": "On September 3, 2024, Broadcom disclosed a high-severity vulnerability in VMware Fusion, which could allow attackers to execute arbitrary code on macOS systems.",
    "url_title": "2024-091",
    "content_markdown": "---    \ntitle: 'High Severity Vulnerability in\u00a0VMware\u00a0Fusion\u00a0for\u00a0MacOS'\nnumber: '2024-091'\nversion: '1.0'\noriginal_date: '2024-09-03'\ndate: '2024-09-04'\n---\n\n_History:_\n\n* _04/09/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn September 3, 2024, Broadcom disclosed a high-severity vulnerability in VMware Fusion, which could allow attackers to execute arbitrary code on macOS systems [1].\n\n# Technical Details\n\nThe vulnerability **CVE-2024-38811**, with a CVSS score of 8.8, arises from improper handling of environment variables, allowing malicious actors with standard user privileges to execute arbitrary code within the VMware Fusion environment. This may lead to full-system compromise, potentially exposing sensitive data and disrupting operations.\n\n# Affected Products\n\n- VMware Fusion versions prior to 13.6, running on macOS.\n\n# Recommendations\n\nCERT-EU recommends immediately updating VMware Fusion to a fixed version.\n\n# References\n\n[1] <https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>04/09/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On September 3, 2024, Broadcom disclosed a high-severity vulnerability in VMware Fusion, which could allow attackers to execute arbitrary code on macOS systems [1].</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2024-38811</strong>, with a CVSS score of 8.8, arises from improper handling of environment variables, allowing malicious actors with standard user privileges to execute arbitrary code within the VMware Fusion environment. This may lead to full-system compromise, potentially exposing sensitive data and disrupting operations.</p><h2 id=\"affected-products\">Affected Products</h2><ul><li>VMware Fusion versions prior to 13.6, running on macOS.</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>CERT-EU recommends immediately updating VMware Fusion to a fixed version.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939\">https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}