The Cyber Security News

VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products

February 16, 2022

VMware on Tuesday patched a number of high-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere that could be exploited to execute arbitrary code and cause a denial-of-service (DoS) condition.

As of writing, there is no evidence that any of the weaknesses are exploited in the wild. The list of six flaws is as follows:

  • CVE-2021-22040 (CVSS score: 8.4) – Use-after-free vulnerability in XHCI USB controller
  • CVE-2021-22041 (CVSS score: 8.4) – Double-fetch vulnerability in UHCI USB controller
  • CVE-2021-22042 (CVSS score: 8.2) – ESXi settingsd unauthorized access vulnerability
  • CVE-2021-22043 (CVSS score: 8.2) – ESXi settingsd TOCTOU vulnerability
  • CVE-2021-22050 (CVSS score: 5.3) – ESXi slow HTTP POST denial-of-service vulnerability
  • CVE-2022-22945 (CVSS score: 8.8) – CLI shell injection vulnerability in the NSX Edge appliance component

Successful exploitation of the flaws could allow a malicious actor with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host. It could also allow an adversary with access to settingsd to escalate their privileges by writing arbitrary files.

Additionally, CVE-2021-22050 could be weaponized by an adversary with network access to ESXi to create a DoS condition by overwhelming the rhttpproxy service with multiple requests. Last but not least, CVE-2022-22945 could allow an attacker with SSH access to an NSX-Edge appliance (NSX-V) to run arbitrary commands on the operating system as root user.


A number of the issues were originally discovered as part of the Tianfu Cup held last year in China, with the virtualization services provider working with the contest's organizers to review the findings and receive the information privately.

"The ramifications of this vulnerability are severe, primarily if attackers have access to workloads inside your environments," VMware noted in a separate FAQ. "Companies that observe change management using the ITIL definitions of change types would consider this an 'emergency change.'"

Some parts of this article are sourced from:
thehackernews.com
