Lucene search

K
thnThe Hacker NewsTHN:A6706F6A6D380D968EF32C856D9C796F
HistoryFeb 16, 2022 - 11:25 a.m.

VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products

2022-02-1611:25:00
The Hacker News
thehackernews.com
65

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition.

As of writing, there’s no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is as follows –

  • CVE-2021-22040 (CVSS score: 8.4) - Use-after-free vulnerability in XHCI USB controller
  • CVE-2021-22041 (CVSS score: 8.4) - Double-fetch vulnerability in UHCI USB controller
  • CVE-2021-22042 (CVSS score: 8.2) - ESXi settingsd unauthorized access vulnerability
  • CVE-2021-22043 (CVSS score: 8.2) - ESXi settingsd TOCTOU vulnerability
  • CVE-2021-22050 (CVSS score: 5.3) - ESXi slow HTTP POST denial-of-service vulnerability
  • CVE-2022-22945 (CVSS score: 8.8) - CLI shell injection vulnerability in the NSX Edge appliance component

Successful exploitation of the flaws could allow a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host. It could also allow the adversary with access to settingsd to escalate their privileges by writing arbitrary files.

Additionally, CVE-2021-22050 could be weaponized by an adversary with network access to ESXi to create a DoS condition by overwhelming rhttpproxy service with multiple requests. Last but not least, CVE-2022-22945 could permit an attacker with SSH access to an NSX-Edge appliance (NSX-V) to run arbitrary commands on the operating system as root user.

Four of the issues were originally discovered as part of the Tianfu Cup held last year in China, with the virtualization services provider working with the contest’s organizers to review the findings and receive the information privately.

“The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments,” VMware noted in a separate FAQ. “Organizations that practice change management using the ITIL definitions of change types would consider this an ‘emergency change.’”

Found this article interesting? Follow THN on Facebook, Twitter and LinkedIn to read more exclusive content we post.

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

Related for THN:A6706F6A6D380D968EF32C856D9C796F