Security vulnerabilities have been discovered in some VMware products. The BSI classifies these vulnerabilities as critical. Among other things, the USB controllers in various devices are affected.
A local attacker can exploit multiple vulnerabilities in VMware ESXi, VMware Workstation, VMware Fusion and VMware Cloud Foundation to execute arbitrary code, bypass security measures or disclose information, the BSI warns and recommends using updates as soon as they are available.
CVSS vulnerability scores range from 7,1 to 9,3. They are all classified as critical because they allow attackers to bypass virtual machines and access the host operating system. An update is not yet available, but VMware has released a workaround to prevent unauthorized access.
More at BSI
About the Federal Office for Information Security (BSI) The Federal Office for Information Security (BSI) is the federal cyber security authority and the creator of secure digitization in Germany. The guiding principle: As the federal cyber security authority, the BSI designs information security in digitization through prevention, detection and reaction for the state, economy and society.