Vulnerabilities > CVE-2021-22042 - Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

vmware

CWE-863

NVD

Published: 2022-02-16

Updated: 2022-02-25

Summary

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.

Vulnerable Configurations

Part	Description	Count
OS	Vmware Vmware Esxi 7.0	3
Application	Vmware Vmware Cloud Foundation 4.0 Vmware Cloud Foundation 4.0.1 Vmware Cloud Foundation 4.1 Vmware Cloud Foundation 4.1.0.1 Vmware Cloud Foundation 4.2 Vmware Cloud Foundation 4.2.1 Vmware Cloud Foundation 4.3 Vmware Cloud Foundation 4.3.1 Vmware Cloud Foundation 4.3.11	10

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.vmware.com/security/advisories/VMSA-2022-0004.html

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Related news

References