On January 4, 2022, VMware published security advisory VMSA-2022-0001 with fixes for its Workstation, Fusion, and ESXi products to address a heap-overflow vulnerability tracked as CVE-2021-22045. The bug lives in the hypervisor's CD-ROM device emulation: an attacker with access to a guest virtual machine that has a CD-ROM device attached can exploit it, in conjunction with other issues, to execute code on the hypervisor. At the time of the advisory, patches were not yet available for every affected product.
VMware assigned the vulnerability a CVSS v3 base score of 7.7, which falls in the "high" range (VMware's own rating for the advisory is "Important"). A heap overflow is a memory-safety bug in which a program writes past the end of a heap-allocated buffer, corrupting whatever sits next to it, whether application data or allocator metadata. Depending on the heap layout, the result ranges from a crash of the affected process (denial of service) to, when the attacker can shape the heap, arbitrary code execution in that process. Here the affected process is the VM's emulation layer on the host, so the payoff is guest-to-host escape rather than remote code execution in the usual network sense.
Affected Products
The vulnerability affects Workstation on Windows and Linux, Fusion on macOS, and ESXi, so every hypervisor in the virtualization vendor's portfolio is in scope.
Hard to Exploit, But Still Exploitable
The flaw allows a user inside an untrusted guest OS to run code on the hypervisor; nevertheless, "an attacker would not have control over the data produced, making exploitation difficult." Difficult is not impossible: a successful attacker ends up running code on the host operating system underneath the hypervisor, outside the security boundary of the guest.
A hypervisor is the software that creates and runs virtual machines and governs how host resources (memory, CPU, storage, devices) are shared among them. Taking control of a hypervisor gives an attacker a direct path to the data and applications inside every VM it manages, as well as the ability to execute code on, or drop files into, any of those virtual machines.
ESXi Users Are at High Risk
ESXi is a bare-metal (type 1) hypervisor that runs directly on server hardware and splits it into several virtual machines. At the time of the advisory, the patch for ESXi 7.0 was still listed as pending, which matters because ESXi hosts are a favored target for cybercriminals and ransomware gangs: encrypting a single host takes every VM on it offline at once.
On January 10, 2022, researchers reported that newer AvosLocker variants ship a Linux encryptor specifically targeting VMware ESXi virtual machines.
Mitigations: Disable Now!
VMware advises customers to disconnect and disable the CD-ROM/DVD device on all virtual machines until the hypervisor is patched, since the vulnerable emulation is only reachable from a guest that has the device attached. In the vSphere Client:
- Log in to the vCenter Server system with the vSphere Client.
- Right-click the virtual machine and click Edit Settings.
- Select the CD/DVD drive, uncheck "Connected" and "Connect at power on", and remove any attached ISO.
Repeat this for powered-off VMs as well; "Connect at power on" re-attaches the device the next time they start.
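Clicking through Edit Settings does not scale to a fleet. The script below is an added example (not VMware's KB script and not part of the original article) that applies the same workaround with PowerCLI: it reports every VM whose CD/DVD drive is connected or set to connect at power on, and with -Remediate it ejects the media and disconnects the drive, then re-queries to confirm nothing is left exposed. The vCenter hostname is a placeholder; the script assumes the VMware.PowerCLI module is installed and that the account used can change VM configuration.

```powershell
# Added example, not from VMware's KB or the original article.
# Assumptions: VMware.PowerCLI is installed; $VCenter is a placeholder hostname;
# the account has the "Virtual machine > Change Configuration" privilege.
param(
    [string]$VCenter = 'vcenter.example.local',
    [switch]$Remediate          # omit for a report-only dry run
)

Import-Module VMware.PowerCLI -ErrorAction Stop
Connect-VIServer -Server $VCenter -ErrorAction Stop | Out-Null

# Every CD/DVD device that is attached right now, or will be attached at the next
# power-on. Either state leaves the CD-ROM emulation reachable from the guest.
function Get-ExposedCDDrive {
    Get-VM | Get-CDDrive | Where-Object {
        $_.ExtensionData.Connectable.Connected -or
        $_.ExtensionData.Connectable.StartConnected
    }
}

$exposed = @(Get-ExposedCDDrive)
Write-Host ("{0} VM(s) with an exposed CD/DVD drive" -f $exposed.Count)

foreach ($drive in $exposed) {
    $vm = $drive.Parent
    $media = if ($drive.IsoPath) { $drive.IsoPath }
             elseif ($drive.HostDevice) { $drive.HostDevice }
             else { '(client device)' }
    Write-Host ("  {0,-40} power={1,-10} media={2}" -f $vm.Name, $vm.PowerState, $media)

    if ($Remediate) {
        # Same effect as the Edit Settings steps: detach the device from a running VM,
        # then clear the ISO/host device and uncheck "Connect at power on".
        # "Connected" only applies to a powered-on VM, so it is set separately.
        if ($vm.PowerState -eq 'PoweredOn') {
            $drive = Set-CDDrive -CD $drive -Connected:$false -Confirm:$false
        }
        Set-CDDrive -CD $drive -NoMedia -StartConnected:$false -Confirm:$false | Out-Null
    }
}

if ($Remediate) {
    # Verify rather than trust: a VM mid-vMotion or with a guest-locked device can
    # reject the reconfiguration without the loop above noticing.
    $remaining = @(Get-ExposedCDDrive)
    if ($remaining.Count -gt 0) {
        $names = ($remaining | ForEach-Object { $_.Parent.Name }) -join ', '
        Write-Warning "Still exposed: $names"
    } else {
        Write-Host "All CD/DVD drives disconnected; keep them off until the host is patched."
    }
}

Disconnect-VIServer -Server $VCenter -Confirm:$false
```

Run it once without -Remediate to get the inventory, review which VMs legitimately need an ISO mounted (installers, guest-tools upgrades), then run it with -Remediate. Disconnecting the device is a workaround, not a fix: the vulnerable emulation code is still on the host, so the patch from VMSA-2022-0001 remains the only durable remediation.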
Worried about how susceptible your organization is to a ransomware attack?
Get a Ransomware Penetration Assessment done today!