VMWare last week patched several high severity vulnerabilities affecting ESXi, Workstations, Fusion, Cloud Foundation and NSX Data Center for vSphre that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition.
List of flaws affecting VMWare products are:
· CVE-2021-22040 (CVSS score: 8.4) – Use-after-free vulnerability in XHCI USB controller
· CVE-2021-22041 (CVSS score: 8.4) – Double-fetch vulnerability in UHCI USB controller
· CVE-2021-22042 (CVSS score: 8.2) – ESXi settingsd unauthorized access vulnerability
· CVE-2021-22043 (CVSS score: 8.2) – ESXi settingsd TOCTOU vulnerability
· CVE-2021-22050 (CVSS score: 5.3) – ESXi slow HTTP POST denial-of-service vulnerability
· CVE-2022-22945 (CVSS score: 8.8) – CLI shell injection vulnerability in the NSX Edge appliance component
Workarounds and patching instructions are available by Vmware on the following link: https://www.vmware.com/security/advisories/VMSA-2022-0004.html
Successful exploitation of the flaws could allow a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine’s VMX process running on the host. It could also allow the adversary with access to settings to escalate their privileges by writing arbitrary files.
Additionally, CVE-2021-22050 could be weaponized by an adversary with network access to ESXi to create a DoS condition by overwhelming rhttpproxy service with multiple requests. Finally, CVE-2022-22945 could permit an attacker with SSH access to an NSX-Edge appliance (NSX-V) to run arbitrary commands on the operating system as root user.
VMware ESXi 7.0 ESXi70U3c-19193900
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3c-release-notes.html
VMware ESXi 7.0 ESXi70U2e-19290878
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u2e-release-notes.html
VMware ESXi 7.0 ESXi70U1e-19324898
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u1e.html
VMware ESXi 6.7 ESXi670-202111101-SG
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202111001.html
VMware ESXi 6.5 ESXi650-202202401-SG
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202202001.html
VMware ESXi 6.5 ESXi650-202110101-SG
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202110001.html
VMware Cloud Foundation 4.4
Downloads and Documentation:
https://docs.vmware.com/en/VMware-Cloud-Foundation/4.4/rn/VMware-Cloud-Foundation-44-Release-Notes.html
VMware Cloud Foundation 3.11
Downloads and Documentation:
https://docs.vmware.com/en/VMware-Cloud-Foundation/3.11/rn/VMware-Cloud-Foundation-311-Release-Notes.html
VMware Workstation Player 16.2.1
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Fusion 12.2.1
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22050
FIRST CVSSv3 Calculator:
CVE-2021-22040: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-22041: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-22042: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-22043: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-22050: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
2022-02-15 VMSA-2022-0004
Initial security advisory.
