VMware escape-to-host vulnerability in USB stack
Overview
VMware has released an update to address a critical escape-to-host vulnerability (CVE-2022-31705) in VMware ESXi, Workstation, and Fusion. Another critical vulnerability (CVE-2022-31702) was found in vRealize Network Insight (vRNI).
Impact
A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.
Affected Products
– ESXi 8.0, fixed in ESXi80a-20842819
– ESXi 7.0, fixed in ESXi70U3si-20841705
– Fusion 12.x, fixed in 12.2.5
– Fusion 13.x unaffected
– Workstation 16.x, fixed in 16.2.5
– Workstation 17.x unaffected
Containment, Mitigations & Remediations
VMware has published advice on removing the USB 2.0 controller (EHCI) from a host.
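To find virtual machines that still have a USB 2.0 (EHCI) controller attached before applying that advice, the following added example (not code from VMware or from this advisory) scans a directory tree of .vmx files. It assumes the controller is recorded under the `ehci.present` key of the VM's .vmx configuration, a key name that does not appear in this advisory; the sample configs are constructed.

```python
import re
from pathlib import Path

# A .vmx file is a list of lines of the form: key = "value".
# Keys are compared case-insensitively here; lines starting with '#' are skipped.
_VMX_LINE = re.compile(r'^\s*([^#=\s][^=]*?)\s*=\s*"?(.*?)"?\s*$')

def parse_vmx(text):
    """Return {lowercased key: value}; a later duplicate key overwrites an earlier one."""
    cfg = {}
    for line in text.splitlines():
        m = _VMX_LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def ehci_enabled(text):
    """True when the config attaches a USB 2.0 (EHCI) controller (assumed key: ehci.present)."""
    return parse_vmx(text).get("ehci.present", "false").strip().lower() == "true"

def audit(root):
    """Return the sorted paths of .vmx files under root that have EHCI present."""
    hits = []
    for path in Path(root).rglob("*.vmx"):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable file: skip it rather than abort the scan
        if ehci_enabled(text):
            hits.append(str(path))
    return sorted(hits)

# Constructed sample configs (not taken from the advisory).
SAMPLE_WITH_EHCI = '''
.encoding = "UTF-8"
displayName = "build-agent-01"
usb.present = "TRUE"
ehci.present = "TRUE"
'''
SAMPLE_WITHOUT_EHCI = '''
displayName = "db-01"
usb.present = "TRUE"
# ehci.present = "TRUE"
EHCI.present = "FALSE"
'''

if __name__ == "__main__":
    import sys
    for p in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("EHCI controller present:", p)
```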
Indicators of Compromise
Not known to be exploited in the wild.
Threat Landscape
An escape-to-host vulnerability can allow an attacker to run code from a virtual machine on the host device. From the host, the attacker can reach other virtualised resources, the host itself, and any management network attached to it.
Threat Group
Not known to be exploited in the wild.
MITRE Methodologies
T1068 – Exploitation for Privilege Escalation
T1611 – Escape to Host
Further Information
VMSA-2022-0033 (Escape to Host vulnerability)
VMSA-2022-0031 (vRNI vulnerability)