CVE-2024-22255 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.1 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
vmware	CNA	7.1 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CISA-ADP	ADP	7.1 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
vmware	cloud_foundation	4.0 ≤ 𝑥 ≤ 5.0
vmware	workstation	17.0.0 ≤ 𝑥 < 17.5.1
vmware	esxi	7.0
vmware	esxi	7.0:update_1
vmware	esxi	7.0:update_1a
vmware	esxi	7.0:update_1b
vmware	esxi	7.0:update_1c
vmware	esxi	7.0:update_1d
vmware	esxi	7.0:update_1e
vmware	esxi	7.0:update_2
vmware	esxi	7.0:update_2a
vmware	esxi	7.0:update_2c
vmware	esxi	7.0:update_2d
vmware	esxi	7.0:update_2e
vmware	esxi	7.0:update_3
vmware	esxi	7.0:update_3c
vmware	esxi	7.0:update_3d
vmware	esxi	7.0:update_3e
vmware	esxi	7.0:update_3f
vmware	esxi	7.0:update_3g
vmware	esxi	7.0:update_3i
vmware	esxi	7.0:update_3j
vmware	esxi	7.0:update_3k
vmware	esxi	7.0:update_3l
vmware	esxi	7.0:update_3m
vmware	esxi	7.0:update_3n
vmware	esxi	7.0:update_3o
vmware	esxi	7.0.0:b
vmware	esxi	8.0
vmware	esxi	8.0:a
vmware	esxi	8.0:b
vmware	esxi	8.0:c
vmware	esxi	8.0:update_1
vmware	esxi	8.0:update_1a
vmware	esxi	8.0:update_1c
vmware	esxi	8.0:update_2
vmware	fusion	13.0.0 ≤ 𝑥 < 13.5.1

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

https://www.vmware.com/security/advisories/VMSA-2024-0006.html

https://www.vmware.com/security/advisories/VMSA-2024-0006.html