VMware Patches Critical Vulnerabilities

Overview

VMware have released several patches to address high-severity flaws in their software.

A critical flaw in NSX Data Center for vSphere (CVE-2022-22945) can lead to command injection.
Other vulnerabilities are less severe individually but can be chained together for higher impact.

Impact

A malicious actor with local admin privileges on a VM may be able to execute code on the host.

A malicious actor with SSH access to an NSX-Edge appliance (NSX-V) can execute arbitrary commands on the operating system as root.

VMware notes: The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments.

Affected Products

NSX Data Center for vSphere prior to version 6.4.13.

Multiple versions of:
– ESXi
– Workstation
– Fusion
– Cloud Foundation

Full list is available here.

Containment, Mitigations & Remediations

Apply the updates as soon as possible.
VMware themselves noted: “Organizations that practice change management using the ITIL definitions of change types would consider this an ‘emergency change.’”

Indicators of Compromise

Not yet seen in the wild.

Threat Landscape

A number of these vulnerabilities were originally discovered as part of the Tianfu Cup, an international cyber security contest held in Chengdu, China.

A working VM escape would be very useful for gaining network access or deploying ransomware.

MITRE Methodologies

T1068 – Exploitation for Privilege Escalation
T1611 – Escape to Host

Further Information

VMSA-2022-0004
VMSA-2022-0005