Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.VMWARE_ESXI_VMSA-2022-0001.NASL
HistorySep 23, 2022 - 12:00 a.m.

ESXi 6.5 / 6.7 / 7.0 Heap Overflow RCE (VMSA-2022-0001)

2022-09-2300:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
33
JSON

The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by a heap overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(165337);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/23");

  script_cve_id("CVE-2021-22045");
  script_xref(name:"VMSA", value:"2022-0001");
  script_xref(name:"IAVA", value:"2022-A-0039");

  script_name(english:"ESXi 6.5 / 6.7 / 7.0 Heap Overflow RCE (VMSA-2022-0001)");

  script_set_attribute(attribute:"synopsis", value:
"The remote VMware ESXi host is missing a security patch and is affected by a heap overflow vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote VMware ESXi host is version 6.5, 6.7 or 7.0 and is affected by a heap overflow vulnerability in CD-ROM
device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit
this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://www.vmware.com/security/advisories/VMSA-2022-0001.html");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch or workaround as referenced in the vendor advisory.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-22045");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/01/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/23");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:esxi");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("vmware_vsphere_detect.nbin");
  script_require_keys("Host/VMware/version", "Host/VMware/release", "Settings/ParanoidReport");

  exit(0);
}

# Not checking workaround https://kb.vmware.com/s/article/87249
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

var fixes = make_array(
  '6.5', '18678235', # ESXi650-202110001
  '6.7', '18828794', # ESXi670-202111001
  '7.0', '19193900'  # ESXi 7.0 Update 3c
);

var rel = get_kb_item_or_exit('Host/VMware/release');
if ('ESXi' >!< rel) audit(AUDIT_OS_NOT, 'ESXi');

var ver = get_kb_item_or_exit('Host/VMware/version');
var port  = get_kb_item_or_exit('Host/VMware/vsphere');

var match = pregmatch(pattern:"^ESXi? ([0-9]+\.[0-9]+).*$", string:ver);
if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, 'VMware ESXi', '6.5 / 6.7 / 7.0');
ver = match[1];

if (ver !~ "^(7\.0|6\.(5|7))$") audit(AUDIT_OS_NOT, 'ESXi 6.5 / 6.7 / 7.0');

var fixed_build = int(fixes[ver]);

if (empty_or_null(fixed_build)) audit(AUDIT_VER_FORMAT, ver);

match = pregmatch(pattern:"^VMware ESXi.*build-([0-9]+)$", string:rel);
if (isnull(match)) audit(AUDIT_UNKNOWN_BUILD, 'VMware ESXi', '6.5 / 6.7 / 7.0');

var build = int(match[1]);

if (build >= fixed_build) audit(AUDIT_INST_VER_NOT_VULN, 'VMware ESXi', ver + ' build ' + build);

var report = '\n  ESXi version    : ' + ver +
         '\n  Installed build : ' + build +
         '\n  Fixed build     : ' + fixed_build +
         '\n';

security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);
VendorProductVersionCPE
vmwareesxicpe:/o:vmware:esxi

Related

nessus 2
vmware 3
prion 1
thn 1
cnvd 1
cve 1
hivepro 1
kaspersky 1
zdi 1
threatpost 1
ibm 1
nessus
nessus
VMware Fusion 12.x < 12.2.0 Heap Overflow RCE (VMSA-2022-0001)
2022-02-08 00:00:00
VMware Workstation 16.0.x < 16.2.0 Heap Overflow RCE (VMSA-2022-0001)
2022-02-08 00:00:00
vmware
vmware
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
2022-01-04 00:00:00
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
2022-01-04 00:00:00
VMware Workstation, Fusion and ESXi updates address a heap-overflow vulnerability (CVE-2021-22045)
2022-01-04 00:00:00
prion
prion
Heap overflow
2022-01-04 22:15:00
thn
thn
VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products
2022-01-06 06:17:00
cnvd
cnvd
VMware ESXi Buffer Overflow Vulnerability
2022-01-06 00:00:00
cve
cve
CVE-2021-22045
2022-01-04 22:15:00
hivepro
hivepro
High severity vulnerability in VMware Workstation, Fusion, and ESXi
2022-01-06 05:31:20
kaspersky
kaspersky
KLA12412 ACE vulnerability in VMware Workstation
2022-01-04 00:00:00
zdi
zdi
VMware Workstation SCSI Heap-based Buffer Overflow Privilege Escalation Vulnerability
2022-01-06 00:00:00
threatpost
threatpost
Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover
2022-01-06 16:47:44
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995)
2022-05-10 23:56:17
JSON
Related for VMWARE_ESXI_VMSA-2022-0001.NASL
nessus2vmware3prion1thn1cnvd1cve1hivepro1kaspersky1zdi1threatpost1ibm1