• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
vmware issues security patches for high severity flaws affecting multiple products

VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products

You are here: Home / General Cyber Security News / VMware Issues Security Patches for High-Severity Flaws Affecting Multiple Products
February 16, 2022

VMware on Tuesday patched a number of substantial-severity vulnerabilities impacting ESXi, Workstation, Fusion, Cloud Basis, and NSX Information Centre for vSphere that could be exploited to execute arbitrary code and induce a denial-of-company (DoS) affliction.

As of composing, there is certainly no proof that any of the weaknesses are exploited in the wild. The listing of six flaws is as follows –

Automatic GitHub Backups

✔ Approved Seller From Our Partners
Malwarebytes Premium 2022

Protect yourself against all threads using Malwarebytes. Get Malwarebytes Premium with 60% discount from a Malwarebytes official seller SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


  • CVE-2021-22040 (CVSS score: 8.4) – Use-right after-cost-free vulnerability in XHCI USB controller
  • CVE-2021-22041 (CVSS score: 8.4) – Double-fetch vulnerability in UHCI USB controller
  • CVE-2021-22042 (CVSS rating: 8.2) – ESXi settingsd unauthorized obtain vulnerability
  • CVE-2021-22043 (CVSS score: 8.2) – ESXi settingsd TOCTOU vulnerability
  • CVE-2021-22050 (CVSS rating: 5.3) – ESXi sluggish HTTP Post denial-of-services vulnerability
  • CVE-2022-22945 (CVSS rating: 8.8) – CLI shell injection vulnerability in the NSX Edge appliance element

Effective exploitation of the flaws could enable a malicious actor with regional administrative privileges on a virtual device to execute code as the virtual machine’s VMX approach managing on the host. It could also permit the adversary with obtain to settingsd to escalate their privileges by writing arbitrary data files.

Furthermore, CVE-2021-22050 could be weaponized by an adversary with network accessibility to ESXi to make a DoS affliction by frustrating rhttpproxy provider with many requests. Last but not least, CVE-2022-22945 could allow an attacker with SSH access to an NSX-Edge appliance (NSX-V) to run arbitrary commands on the operating procedure as root user.

Prevent Data Breaches

Quite a few of the issues had been at first found out as component of the Tianfu Cup held past year in China, with the virtualization expert services provider operating with the contest’s organizers to assessment the conclusions and get the information and facts privately.

“The ramifications of this vulnerability are severe, primarily if attackers have obtain to workloads inside your environments,” VMware observed in a different FAQ. “Companies that observe adjust administration using the ITIL definitions of change forms would think about this an ’emergency transform.'”

Discovered this short article exciting? Follow THN on Fb, Twitter  and LinkedIn to examine far more exclusive written content we put up.


Some pieces of this short article are sourced from:
thehackernews.com

Previous Post: «google doubles bug bounty rewards for linux, kubernetes exploits Google doubles bug bounty rewards for Linux, Kubernetes exploits
Next Post: US senators urge Labour Department to drop facial recognition us senators urge labour department to drop facial recognition»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • FBI, CISA Warn of Russian Hackers Exploiting MFA and PrintNightmare Bug
  • Unpatched RCE Bug in dompdf Project Affects HTML to PDF Converters
  • NortonLifeLock and Avast merger could reduce competition, CMA warns
  • Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations
  • NSW ditches e-voting system for 2023 election
  • Kaspersky Hits Back at “Politically Motivated” BSI Advisory
  • Germany advises against using Kaspersky software due to hacking risk
  • CISA: Fix MFA and Patch Promptly to Stop Russian Attackers
  • German Government Warns Against Using Russia’s Kaspersky Antivirus Software
  • Multiple Flaws Uncovered in ClickHouse OLAP Database System for Big Data

Copyright © TheCyberSecurity.News, All Rights Reserved.