CVE-2024-22270

VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280	Vendor Advisory
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*

cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

27 Jun 2025, 13:36

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 - Vendor Advisory
CPE		cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:a:vmware:fusion:::::::: cpe:2.3:a:vmware:workstation::::::::
First Time		Vmware workstation Apple Vmware Vmware fusion Apple macos

21 Nov 2024, 08:55

Type	Values Removed	Values Added
References	~~() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 -~~	() https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 -

15 Aug 2024, 19:35

Type	Values Removed	Values Added
CWE		CWE-200

14 May 2024, 19:18

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 16:16

Updated : 2025-06-27 13:36

NVD link : CVE-2024-22270

Mitre link : CVE-2024-22270

CVE.ORG link : CVE-2024-22270

JSON object : View

Products Affected

apple

macos

vmware

fusion
workstation

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-22270", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@vmware.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 1.5}]}, "published": "2024-05-14T16:16:12.613", "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}, {"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality.\u00a0A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.\n\n"}, {"lang": "es", "value": "VMware Workstation y Fusion contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n en la funcionalidad Host Guest File Sharing (HGFS). Un actor malintencionado con privilegios administrativos locales en una m\u00e1quina virtual puede leer informaci\u00f3n privilegiada contenida en la memoria del hipervisor desde una m\u00e1quina virtual."}], "lastModified": "2025-06-27T13:36:04.077", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA567E5A-412F-4ED3-9434-E0290CDF753F", "versionEndExcluding": "17.5.2", "versionStartIncluding": "17.0.0"}], "operator": "AND"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "373FFB23-C9E8-495D-BD27-6DC875887440", "versionEndExcluding": "13.5.2", "versionStartIncluding": "13.0.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@vmware.com"}