Security News > 2022 > February > VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products

VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products
2022-02-17 19:18

VMware on Tuesday patched several high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service condition.

CVE-2021-22042 - ESXi settingsd unauthorized access vulnerability.

CVE-2022-22945 - CLI shell injection vulnerability in the NSX Edge appliance component.

CVE-2021-22050 could be weaponized by an adversary with network access to ESXi to create a DoS condition by overwhelming rhttpproxy service with multiple requests.

Last but not least, CVE-2022-22945 could permit an attacker with SSH access to an NSX-Edge appliance to run arbitrary commands on the operating system as root user.

"The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments," VMware noted in a separate FAQ. "Organizations that practice change management using the ITIL definitions of change types would consider this an 'emergency change.'".


News URL

https://thehackernews.com/2022/02/vmware-issues-security-patches-for-high.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2022-02-16 CVE-2022-22945 OS Command Injection vulnerability in VMWare Cloud Foundation and NSX Data Center
VMware NSX Edge contains a CLI shell injection vulnerability.
local
low complexity
vmware CWE-78
7.8
2022-02-16 CVE-2021-22050 Allocation of Resources Without Limits or Throttling vulnerability in VMWare Esxi 6.5/6.7
ESXi contains a slow HTTP POST denial-of-service vulnerability in rhttpproxy.
network
low complexity
vmware CWE-770
7.5
2022-02-16 CVE-2021-22042 Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets.
local
low complexity
vmware CWE-863
7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591