Lucene search
HistoryJan 04, 2022 - 10:15 p.m.
CVE-2021-22045
cve-2021-22045
vmware
esxi
workstation
fusion
heap-overflow
cd-rom
emulation
vulnerability
nvd
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
32.9%
VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.
Affected configurations
Node
vmwarecloud_foundationRange3.0โ3.10.2.2
ORvmwarecloud_foundationRange4.0โ4.3.1
ORvmwareworkstationRange16.0.0โ16.2.0
Node
applemac_os_xMatch-
vmwarefusionRange12.0.0โ12.2.0
Node
vmwareesxiMatch6.5-
ORvmwareesxiMatch6.5650-201701001
ORvmwareesxiMatch6.5650-201703001
ORvmwareesxiMatch6.5650-201703002
ORvmwareesxiMatch6.5650-201704001
ORvmwareesxiMatch6.5650-201707101
ORvmwareesxiMatch6.5650-201707102
ORvmwareesxiMatch6.5650-201707103
ORvmwareesxiMatch6.5650-201707201
ORvmwareesxiMatch6.5650-201707202
ORvmwareesxiMatch6.5650-201707203
ORvmwareesxiMatch6.5650-201707204
ORvmwareesxiMatch6.5650-201707205
ORvmwareesxiMatch6.5650-201707206
ORvmwareesxiMatch6.5650-201707207
ORvmwareesxiMatch6.5650-201707208
ORvmwareesxiMatch6.5650-201707209
ORvmwareesxiMatch6.5650-201707210
ORvmwareesxiMatch6.5650-201707211
ORvmwareesxiMatch6.5650-201707212
ORvmwareesxiMatch6.5650-201707213
ORvmwareesxiMatch6.5650-201707214
ORvmwareesxiMatch6.5650-201707215
ORvmwareesxiMatch6.5650-201707216
ORvmwareesxiMatch6.5650-201707217
ORvmwareesxiMatch6.5650-201707218
ORvmwareesxiMatch6.5650-201707219
ORvmwareesxiMatch6.5650-201707220
ORvmwareesxiMatch6.5650-201707221
ORvmwareesxiMatch6.5650-201710001
ORvmwareesxiMatch6.5650-201712001
ORvmwareesxiMatch6.5650-201803001
ORvmwareesxiMatch6.5650-201806001
ORvmwareesxiMatch6.5650-201808001
ORvmwareesxiMatch6.5650-201810001
ORvmwareesxiMatch6.5650-201810002
ORvmwareesxiMatch6.5650-201811001
ORvmwareesxiMatch6.5650-201811002
ORvmwareesxiMatch6.5650-201811301
ORvmwareesxiMatch6.5650-201901001
ORvmwareesxiMatch6.5650-201903001
ORvmwareesxiMatch6.5650-201905001
ORvmwareesxiMatch6.5650-201908001
ORvmwareesxiMatch6.5650-201910001
ORvmwareesxiMatch6.5650-20191004001
ORvmwareesxiMatch6.5650-201911001
ORvmwareesxiMatch6.5650-201911401
ORvmwareesxiMatch6.5650-201911402
ORvmwareesxiMatch6.5650-201912001
ORvmwareesxiMatch6.5650-201912002
ORvmwareesxiMatch6.5650-201912101
ORvmwareesxiMatch6.5650-201912102
ORvmwareesxiMatch6.5650-201912103
ORvmwareesxiMatch6.5650-201912104
ORvmwareesxiMatch6.5650-201912301
ORvmwareesxiMatch6.5650-201912401
ORvmwareesxiMatch6.5650-201912402
ORvmwareesxiMatch6.5650-201912403
ORvmwareesxiMatch6.5650-201912404
ORvmwareesxiMatch6.5650-202005001
ORvmwareesxiMatch6.5650-202006001
ORvmwareesxiMatch6.5650-202007001
ORvmwareesxiMatch6.5650-202010001
ORvmwareesxiMatch6.5650-202011001
ORvmwareesxiMatch6.5650-202011002
ORvmwareesxiMatch6.5650-202102001
ORvmwareesxiMatch6.5650-202102002
ORvmwareesxiMatch6.5650-202102003
ORvmwareesxiMatch6.5650-202107401
Node
vmwareesxiMatch6.7-
ORvmwareesxiMatch6.7670-201806001
ORvmwareesxiMatch6.7670-201807001
ORvmwareesxiMatch6.7670-201808001
ORvmwareesxiMatch6.7670-201810001
ORvmwareesxiMatch6.7670-201810101
ORvmwareesxiMatch6.7670-201810102
ORvmwareesxiMatch6.7670-201810103
ORvmwareesxiMatch6.7670-201810201
ORvmwareesxiMatch6.7670-201810202
ORvmwareesxiMatch6.7670-201810203
ORvmwareesxiMatch6.7670-201810204
ORvmwareesxiMatch6.7670-201810205
ORvmwareesxiMatch6.7670-201810206
ORvmwareesxiMatch6.7670-201810207
ORvmwareesxiMatch6.7670-201810208
ORvmwareesxiMatch6.7670-201810209
ORvmwareesxiMatch6.7670-201810210
ORvmwareesxiMatch6.7670-201810211
ORvmwareesxiMatch6.7670-201810212
ORvmwareesxiMatch6.7670-201810213
ORvmwareesxiMatch6.7670-201810214
ORvmwareesxiMatch6.7670-201810215
ORvmwareesxiMatch6.7670-201810216
ORvmwareesxiMatch6.7670-201810217
ORvmwareesxiMatch6.7670-201810218
ORvmwareesxiMatch6.7670-201810219
ORvmwareesxiMatch6.7670-201810220
ORvmwareesxiMatch6.7670-201810221
ORvmwareesxiMatch6.7670-201810222
ORvmwareesxiMatch6.7670-201810223
ORvmwareesxiMatch6.7670-201810224
ORvmwareesxiMatch6.7670-201810225
ORvmwareesxiMatch6.7670-201810226
ORvmwareesxiMatch6.7670-201810227
ORvmwareesxiMatch6.7670-201810228
ORvmwareesxiMatch6.7670-201810229
ORvmwareesxiMatch6.7670-201810230
ORvmwareesxiMatch6.7670-201810231
ORvmwareesxiMatch6.7670-201810232
ORvmwareesxiMatch6.7670-201810233
ORvmwareesxiMatch6.7670-201810234
ORvmwareesxiMatch6.7670-201811001
ORvmwareesxiMatch6.7670-201901001
ORvmwareesxiMatch6.7670-201901401
ORvmwareesxiMatch6.7670-201901402
ORvmwareesxiMatch6.7670-201901403
ORvmwareesxiMatch6.7670-201903001
ORvmwareesxiMatch6.7670-201904001
ORvmwareesxiMatch6.7670-201904201
ORvmwareesxiMatch6.7670-201904202
ORvmwareesxiMatch6.7670-201904203
ORvmwareesxiMatch6.7670-201904204
ORvmwareesxiMatch6.7670-201904205
ORvmwareesxiMatch6.7670-201904206
ORvmwareesxiMatch6.7670-201904207
ORvmwareesxiMatch6.7670-201904208
ORvmwareesxiMatch6.7670-201904209
ORvmwareesxiMatch6.7670-201904210
ORvmwareesxiMatch6.7670-201904211
ORvmwareesxiMatch6.7670-201904212
ORvmwareesxiMatch6.7670-201904213
ORvmwareesxiMatch6.7670-201904214
ORvmwareesxiMatch6.7670-201904215
ORvmwareesxiMatch6.7670-201904216
ORvmwareesxiMatch6.7670-201904217
ORvmwareesxiMatch6.7670-201904218
ORvmwareesxiMatch6.7670-201904219
ORvmwareesxiMatch6.7670-201904220
ORvmwareesxiMatch6.7670-201904221
ORvmwareesxiMatch6.7670-201904222
ORvmwareesxiMatch6.7670-201904223
ORvmwareesxiMatch6.7670-201904224
ORvmwareesxiMatch6.7670-201904225
ORvmwareesxiMatch6.7670-201904226
ORvmwareesxiMatch6.7670-201904227
ORvmwareesxiMatch6.7670-201904228
ORvmwareesxiMatch6.7670-201904229
ORvmwareesxiMatch6.7670-201905001
ORvmwareesxiMatch6.7670-201906002
ORvmwareesxiMatch6.7670-201908101
ORvmwareesxiMatch6.7670-201908102
ORvmwareesxiMatch6.7670-201908103
ORvmwareesxiMatch6.7670-201908104
ORvmwareesxiMatch6.7670-201908201
ORvmwareesxiMatch6.7670-201908202
ORvmwareesxiMatch6.7670-201908203
ORvmwareesxiMatch6.7670-201908204
ORvmwareesxiMatch6.7670-201908205
ORvmwareesxiMatch6.7670-201908206
ORvmwareesxiMatch6.7670-201908207
ORvmwareesxiMatch6.7670-201908208
ORvmwareesxiMatch6.7670-201908209
ORvmwareesxiMatch6.7670-201908210
ORvmwareesxiMatch6.7670-201908211
ORvmwareesxiMatch6.7670-201908212
ORvmwareesxiMatch6.7670-201908213
ORvmwareesxiMatch6.7670-201908214
ORvmwareesxiMatch6.7670-201908215
ORvmwareesxiMatch6.7670-201908216
ORvmwareesxiMatch6.7670-201908217
ORvmwareesxiMatch6.7670-201908218
ORvmwareesxiMatch6.7670-201908219
ORvmwareesxiMatch6.7670-201908220
ORvmwareesxiMatch6.7670-201908221
ORvmwareesxiMatch6.7670-201911001
ORvmwareesxiMatch6.7670-201912001
ORvmwareesxiMatch6.7670-201912101
ORvmwareesxiMatch6.7670-201912102
ORvmwareesxiMatch6.7670-201912401
ORvmwareesxiMatch6.7670-201912402
ORvmwareesxiMatch6.7670-201912403
ORvmwareesxiMatch6.7670-201912404
ORvmwareesxiMatch6.7670-201912405
ORvmwareesxiMatch6.7670-202004001
ORvmwareesxiMatch6.7670-202004002
ORvmwareesxiMatch6.7670-202004301
ORvmwareesxiMatch6.7670-202004401
ORvmwareesxiMatch6.7670-202004402
ORvmwareesxiMatch6.7670-202004403
ORvmwareesxiMatch6.7670-202004404
ORvmwareesxiMatch6.7670-202004405
ORvmwareesxiMatch6.7670-202004406
ORvmwareesxiMatch6.7670-202004407
ORvmwareesxiMatch6.7670-202004408
ORvmwareesxiMatch6.7670-202006001
ORvmwareesxiMatch6.7670-202008001
ORvmwareesxiMatch6.7670-202010001
ORvmwareesxiMatch6.7670-202011001
ORvmwareesxiMatch6.7670-202011002
ORvmwareesxiMatch6.7670-202102001
ORvmwareesxiMatch6.7670-202103001
ORvmwareesxiMatch6.7670-202111001
Node
vmwareesxiMatch7.0-
ORvmwareesxiMatch7.0beta
ORvmwareesxiMatch7.0update_1
ORvmwareesxiMatch7.0update_1a
ORvmwareesxiMatch7.0update_1b
ORvmwareesxiMatch7.0update_1c
ORvmwareesxiMatch7.0update_1d
ORvmwareesxiMatch7.0update_2
ORvmwareesxiMatch7.0update_2a
ORvmwareesxiMatch7.0update_2c
ORvmwareesxiMatch7.0update_2d
CNA Affected
[
{
"product": "VMware ESXi, VMware Workstation and VMware Fusion",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0)"
}
]
}
]References
Social References
More
Related
prion
prion
Heap overflow
2022-01-04 22:15:00
vmware
vmware
nessus
nessus
ESXi 6.5 / 6.7 / 7.0 Heap Overflow RCE (VMSA-2022-0001)
2022-09-23 00:00:00
VMware Workstation 16.0.x < 16.2.0 Heap Overflow RCE (VMSA-2022-0001)
2022-02-08 00:00:00
VMware Fusion 12.x < 12.2.0 Heap Overflow RCE (VMSA-2022-0001)
2022-02-08 00:00:00
thn
thn
VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products
2022-01-06 06:17:00
cnvd
cnvd
VMware ESXi Buffer Overflow Vulnerability
2022-01-06 00:00:00
nvd
nvd
CVE-2021-22045
2022-01-04 22:15:07
hivepro
hivepro
High severity vulnerability in VMware Workstation, Fusion, and ESXi
2022-01-06 05:31:20
kaspersky
kaspersky
KLA12412 ACE vulnerability in VMware Workstation
2022-01-04 00:00:00
zdi
zdi
cvelist
cvelist
CVE-2021-22045
2022-01-04 21:39:03
threatpost
threatpost
Partially Unpatched VMware Bug Opens Door to Hypervisor Takeover
2022-01-06 16:47:44
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
32.9%
Related for CVE-2021-22045