CVE-2021-22042: Incorrect Authorization in VMware Cloud Foundation

Severity: 7.8 HIGH (NVD)
EPSS: 0.2% (top 51.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 16; latest update Feb 17

Description

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD: vmware/esxi 7.0
NVD: vmware/cloud_foundation 4.04.4

Patches

🔴 Vulnerability Details (2)

GHSA (2022-02-17): GHSA-j79m-7c8r-83mc: VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets
CVEList (2022-02-16): CVE-2021-22042: VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets

📋 Vendor Advisories (1)

VMware (2022-02-15): VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050)