VMware has issued a critical security update to address issues in its ESXi, Fusion and Workstation products, including VMware Cloud Foundation versions. Exploitation could give attackers access to workloads inside organizations’ virtual environments.
The bugs have a range of 5.3 to 8.4 out of 10 on the CVSS vulnerability-severity scale, making them individually “important” or “moderate” issues. However, the virtualization giant noted that they can be chained together for worse outcomes: “Combining these issues may result in higher severity, hence the severity of this [advisory] is at severity level critical.”
