VMware Security Patches for High-Severity Flaws Affecting Multiple Products

VMware issued security patches for high-severity flaws affecting multiple products, including ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere. Threat actors could exploit the vulnerabilities to execute arbitrary code or cause a denial-of-service (DoS) condition.

VMware mentioned in a separate FAQ, "The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments. Organizations that practice change management using the ITIL definitions of change types would consider this an 'emergency change.'"

The list of high-severity flaws that affect various VMware products is as follows.

  1. CVE-2021-22040 (CVSS score: 8.4) – Use-after-free vulnerability in XHCI USB controller
  2. CVE-2021-22041 (CVSS score: 8.4) – Double-fetch vulnerability in UHCI USB controller
  3. CVE-2021-22042 (CVSS score: 8.2) – ESXi settingsd unauthorized access vulnerability
  4. CVE-2021-22043 (CVSS score: 8.2) – ESXi settings TOCTOU vulnerability
  5. CVE-2021-22050 (CVSS score: 5.3) – ESXi slow HTTP POST denial-of-service vulnerability
  6. CVE-2022-22945 (CVSS score: 8.8) – CLI shell injection vulnerability in the NSX Edge appliance component

Malicious actors with local administrative privileges on a virtual machine could exploit these vulnerabilities to execute code as the virtual machine's VMX process running on the host. The threat actors could also access the settings and escalate their privileges by writing arbitrary files.

The CVE-2021-22050 vulnerability can also be weaponized by malicious operators to gain access to ESXi and create a DoS condition by overwhelming the rhttpproxy service with multiple requests.

CVE-2022-22945, meanwhile, can permit a threat actor with SSH access to an NSX-Edge appliance (NSX-V) to run arbitrary commands on the operating system as the root user.
