Saturday, April 13, 2024

VMware Issues Patches for Shell Injection and Privilege Vulnerability

VMware had multiple issues that were privately reported. VMware swiftly acted on the reported issues and released patches for all the critical vulnerabilities. The vulnerability details are as follows

Advisory ID:
CVSSv3 Range:
Issue Date:
Updated On:
2022-02-15 (Initial Advisory)


CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050


VMware ESXi, Workstation, and Fusion updates address multiple security vulnerabilities (CVE-2021-22040, CVE-2021-22041, CVE-2021-22042, CVE-2021-22043, CVE-2021-22050)

Products that were Impacted

  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Cloud Foundation (Cloud Foundation)

3a. CVE-2021-22040 (Use-after-free Vulnerability in XHCI USB Controller)


With a local administrative privilege on a virtual machine, a threat actor can use this issue to execute code as the virtual machine’s VMX process running on the host.

It seems like the VMware ESXi, Workstation and Fusions were vulnerable to this issue. This issue has a CVSSv3 base score of 8.4

Resolution and Acknowledgement

To resolve this critical vulnerability a patch has been released by VMware. VMware also thanked Wei of Kunlun Lab for reporting this issue at the 2021 Tianfu Cup Pwn contest.

3b. CVE-2021-22041 (Double-Fetch Vulnerability in UHCI USB controller)


Just like CVE-2021-22040, a malicious actor with local admin privilege who uses this issue can execute code as a virtual machine’s VMX process running on the host. However, for this issue to be exploited an isochronous USB endpoint must be available to the virtual machine.

VMware ESXi, Workstation, and Fusion were the products affected by this vulnerability making the CVSSv3 score as 8.4

Resolution and Acknowledgement

VMware has released patches to resolve this vulnerability. This issue was reported by VictorV of Kunlun Lab at the 2021 Tianfu Cup Pwn. The Response Matrix and the impacted product suites for 3a and 3b have been released by VMware.

3c. CVE-2021-22042 (ESXi settingsd unauthorized access Vulnerability)


The VMware ESXi was found to be vulnerable to unauthorized access since the VMX has access to settings authorization tickets. On further evaluation, VMware gave a CVSSv3 score of 8.2 for this issue. The attacker must be with privileges within the VMX process in order to access the settingsd service as a high privileged user.

Resolution and Acknowledgement

VMware has released patches for this vulnerability. This was also reported by Wei of Kunlun Lab at the 2021 Tianfu Cup Pwn contest.

3d. CVE-2021-22043 (ESXi settingsd TOCTOU Vulnerability)


This issue was due to the way of handling temporary files by the TOCTOU (Time-of-Check Time-Of-Use) in VMware ESXi. 

An attacker with access to settingsd will be able to exploit this issue resulting in privilege escalation by writing arbitrary files.

Resolution and Acknowledgement

Patches are released to fix this issue. 

Wei from Kunlun Lab found this issue reported at the 2021 Tianfu Cup Pwn contest conducted by VMware.

The Response matrix for 3c and 3d was released by VMware.

3e. CVE-2021-22050 (ESXi slow HTTP POST Denial of Service Vulnerability)


The rhttpproxy used by the ESXi has this slow HTTP POST denial of service vulnerability. VMware evaluated this issue and gave a CVSSv3 score of 5.3

If an attacker gains access to the network of ESXi, he can exploit this issue to create a denial of service attack by overwhelming the rhttpproxy service with too many requests.

Resolution and Acknowledgement

VMware has released a patch for this vulnerability.

This issue was reported to VMware by George Noseevich and Sergey Gerasimov of SolidLab LLC.
Response Matrix and Impacted Product Suites information is released by VMware.


Latest articles

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Hackers Employ Deepfake Technology To Impersonate as LastPass CEO

A LastPass employee recently became the target of an attempted fraud involving sophisticated audio...

Sisence Data Breach, CISA Urges To Reset Login Credentials

In response to a recent data breach at Sisense, a provider of data analytics...

DuckDuckGo Launches Privacy Pro: 3-in-1 service With VPN

DuckDuckGo has launched Privacy Pro, a new subscription service that promises to enhance user...

Cyber Attack Surge by 28%:Education Sector at High Risk

In Q1 2024, Check Point Research (CPR) witnessed a notable increase in the average...

Midnight Blizzard’s Microsoft Corporate Email Hack Threatens Federal Agencies: CISA Warns

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive concerning a...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles