VMware has provided updates to Workstation, Fusion and ESXi products to address a “critical” vulnerability that could be exploited by a threat actor to take control of affected systems.

The problem relates to a heap overflow vulnerability – tracked as CVE-2021-22045 (CVSS score: 7.7) – which, if successfully exploited, leads to the execution of arbitrary code. The company credits Jaanus Kääp, a security researcher with Clarified Security, for reporting the bug.


“A malicious actor with access to a virtual machine with CD-ROM device emulation could exploit this vulnerability, in conjunction with other issues, to execute code on the hypervisor from a virtual machine,” VMware said in an advisory published Jan. 4.


The bug affects ESXi versions 6.5, 6.7 and 7.0; Workstation versions 16.x; and Fusion versions 12.x, although the company has yet to release a patch for ESXi 7.0. In the meantime, the company recommends that users disable all CD-ROM/DVD devices …
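The workaround above is to remove or disconnect CD-ROM/DVD devices from running virtual machines. In practice an administrator would do that through the vSphere Client or PowerCLI; the script below is an added example (not VMware's code and not from the article) that audits a set of exported `.vmx` configuration files offline and lists every VM that still has a CD-ROM device present, so the workaround can be checked against an inventory. The sample `.vmx` contents are constructed for the example; the key names (`ideX:Y.present`, `ideX:Y.deviceType`, `ideX:Y.startConnected`) are the standard VMX device keys, and treating a missing `startConnected` as `FALSE` is an assumption of this script.

```python
import re

# Constructed sample .vmx files for the example (not real configs from the page):
# one VM with an ISO-backed CD-ROM that connects at power-on, one with a
# passthrough CD-ROM that is present but start-disconnected, one with no CD-ROM.
SAMPLE_VMX = {
    "web01.vmx": """\
.encoding = "UTF-8"
config.version = "8"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "/vmfs/volumes/datastore1/iso/ubuntu.iso"
ide1:0.startConnected = "TRUE"
""",
    "db01.vmx": """\
sata0:1.present = "TRUE"
sata0:1.deviceType = "atapi-cdrom"
sata0:1.autodetect = "TRUE"
sata0:1.startConnected = "FALSE"
""",
    "app01.vmx": """\
scsi0:0.present = "TRUE"
scsi0:0.fileName = "app01.vmdk"
""",
}

# deviceType values that denote an emulated CD-ROM (ISO-backed, raw passthrough, ATAPI)
CDROM_TYPES = {"cdrom-image", "cdrom-raw", "atapi-cdrom"}

# VMX lines look like:  key = "value"
KEY_RE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')


def parse_vmx(text):
    """Parse .vmx text into a dict; VMX keys are case-insensitive, so they are lowercased."""
    cfg = {}
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg


def find_cdrom_devices(cfg):
    """Return sorted (device, present, start_connected) tuples for CD-ROM-typed devices."""
    found = []
    for key, value in cfg.items():
        if key.endswith(".devicetype") and value.lower() in CDROM_TYPES:
            dev = key[: -len(".devicetype")]
            present = cfg.get(dev + ".present", "FALSE").upper() == "TRUE"
            # Assumption: a missing startConnected key is treated as FALSE.
            start_connected = cfg.get(dev + ".startconnected", "FALSE").upper() == "TRUE"
            found.append((dev, present, start_connected))
    return sorted(found)


def audit(vmx_files):
    """Map VM name -> CD-ROM devices still present; these are what the workaround says to disable."""
    report = {}
    for name, text in vmx_files.items():
        devs = [d for d in find_cdrom_devices(parse_vmx(text)) if d[1]]
        if devs:
            report[name] = devs
    return report


if __name__ == "__main__":
    for vm, devs in audit(SAMPLE_VMX).items():
        for dev, _present, start_connected in devs:
            state = "connected at power-on" if start_connected else "present, start-disconnected"
            print(f"{vm}: {dev} ({state})")
```

Running it on the samples flags `web01.vmx` and `db01.vmx` and leaves `app01.vmx` out; a device that is present but start-disconnected is still reported, because the emulated device remains attached to the VM and the advisory's workaround is to remove the device, not merely to leave it disconnected.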
