When running a security scan against VMware Remote Console (VMRC) 12.0.5, the included libcurl version is reported as affected by multiple vulnerabilities, namely CVE-2024-7264, CVE-2023-38545 and CVE-2023-38546.
All three findings are false positives.
While VMRC 12.0.5 ships with a libcurl version that is technically affected, due to the way the library is implemented and used, CVE-2024-7264, CVE-2023-38545 and CVE-2023-38546 cannot be exploited against the product.
This issue is addressed in VCF 9.0 / VMRC 13, which ships with libcurl 8.11.