Vulnerabilities > CVE-2021-22042 - Incorrect Authorization vulnerability in VMWare Cloud Foundation and Esxi
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 8 | |
OS | 3 |