CVE-2021-22043
Severity
7.5HIGH
EPSS
0.3%
top 45.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 16
Latest updateFeb 17
Description
VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9
Affected Packages3 packages
▶CVEListV5vmware_esxi_and_vmware_cloud_foundationVMware ESXi(7.0 U3 before ESXi70U3c-19193900, 7.0 U2 before ESXi70U2e-19290878 and 7.0 U1 before ESXi70U1e-19324898) and VMware Cloud Foundation 4.x before 4.4
Patches
🔴Vulnerability Details
2GHSA▶
GHSA-27hx-pvj5-2hqg: VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled↗2022-02-17
CVEList▶
CVE-2021-22043: VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled↗2022-02-16
📋Vendor Advisories
1VMware▶
VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050)↗2022-02-15