Security News > 2022 > February > Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers

Critical VMware Bugs Open ESXi, Fusion & Workstation to Attackers
2022-02-16 15:59

VMware has issued a critical security update to address issues in its ESXi, Fusion and Workstation products, including VMware Cloud Foundation versions.

VMware noted that patching VMware ESXi, Fusion and Workstation is the fastest method to resolve the issues, but organizations could also remove USB controllers from their VMs as a workaround.

CVE-2021-22042: ESXi 'settingsd' unauthorized access vulnerability.

CVE-2021-22050: ESXi slow HTTP POST denial of service vulnerability.

The first two important-rated issues exist in the USB controllers for VMware ESXi, Fusion and Workstation.

The VMX process runs in the VMkernel and is responsible for handling input/output to devices that are not critical to performance, according to VMware's documentation.


News URL

https://threatpost.com/critical-vmware-bugs-esxi-fusion-workstation/178461/

Related news

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-02-16 CVE-2021-22050 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Esxi 6.5/6.7
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy.
network
low complexity
vmware CWE-770
7.5
7.5
2022-02-16 CVE-2021-22042 Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets.
local
low complexity
vmware CWE-863
7.8
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591