Rewterz Threat Advisory – Multiple VMware ESXi, Workstation, and Fusion Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-22050

Vmware ESXi is vulnerable to a denial of service, caused by a slow HTTP POST denial-of-service vulnerability in rhttpproxy. By overwhelming rhttpproxy service with multiple requests, an attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-22043

VMware ESXi could allow a local authenticated attacker to gain elevated privileges on the system, caused by a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. By writing arbitrary files, an attacker could exploit this vulnerability to escalate their privileges.

CVE-2021-22042

Vmware ESXi could allow a local authenticated attacker to gain access to the system, caused by VMX having access to settingsd authorization tickets. An attacker could exploit this vulnerability to access settingsd service running as a high privileged user.

CVE-2021-22041, CVE-2021-22040

Vmware ESXi, Workstation and Fusion could allow a local attacker to execute arbitrary code on the system, caused by a double-fetch vulnerability in the UHCI USB controller. An attacker could exploit this vulnerability to execute code as the virtual machine’s VMX process running on the host.

Impact

• Denial of Service
• Privilege Escalation
• Unauthorized Access
• Code Execution

Indicators of Compromise

CVE

• CVE-2021-22050
• CVE-2021-22043
• CVE-2021-22042
• CVE-2021-22041
• CVE-2021-22040

Affected Vendors

VMware

Affected Products

• VMware ESXi 6.5
• VMware ESXi 6.7
• VMware ESXi 7.0
• VMware Cloud Foundation (ESXi) 3.0

Remediation

Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.