5 Critical VMware ESXi Vulnerabilities
It has been alerted; five security vulnerabilities could lead to major potential issues for VMware ESXi customers. This includes command execution and DoS. VMware has issued a critical security update to patch its ESXi customers. Exploitation of these vulnerabilities could give hackers access to virtual machine environments.
VMware suggested that patching ESXi servers immediately is your best option, but you could also remove USB controllers from your VMs as a workaround. However, regarding to this advisory “that may be infeasible at scale and does not eliminate the potential threat like patching does.”
- CVE-2021-22040: Use-after-free vulnerability in XHCI USB controller (CVSS 8.4)
- CVE-2021-22041: Double-fetch vulnerability in UHCI USB controller (CVSS 8.4)
- CVE-2021-22042: ESXi ‘settingsd’ unauthorized access vulnerability (CVSS 8.2)
- CVE-2021-22043: ‘ESXi settingsd’ TOCTOU vulnerability (CVSS 8.2)
- CVE-2021-22050: ESXi slow HTTP POST denial of service vulnerability (CVSS 5.3)
VMware has said that there haven’t seen any attacks in the wild yet, but if the past is any indication, that will soon change. The company recommends urgently patching the system to avoid being hacked. Review Here For More Details.