Get in Touch
Please get in touch using the form below.
VMWare Patches Critical Vulnerabilities
Overview
VMWare have released several patches to address high severity flaws in their software.
A critical flaw in NSX Data Center for vSphere (CVE-2022-22945) would lead to command injection.
Other vulnerabilities are less severe individually but can be chained together for higher impact.
Impact
A malicious actor with local admin privileges on a VM may be able to execute code on the host.
A malicious actor with SSH access to an NSX-Edge appliance (NSX-V) can execute arbitrary commands on the operating system as root.
VMware notes: The ramifications of this vulnerability are serious, especially if attackers have access to workloads inside your environments.
Affected Products
NSX Data Center for vSphere prior to version 6.4.13.
Multiple versions of
– ESXi
– Workstation
– Fusion
– Cloud Foundation
Full list is available here.
Containment, Mitigations & Remediations
Apply the updates as soon as possible.
VMWare themselves noted: “Organizations that practice change management using the ITIL definitions of change types would consider this an ’emergency change.”.
Indicators of Compromise
Not yet seen in-the-wild.
Threat Landscape
A number of these vulnerabilities were originally discovered as part of the Tianfu Cup, and international cyber security contest held in Chengdu, China.
A working VM escape would be very useful for gaining network access or deploying ransomware.
Mitre Methodologies
T1068 – Exploitation for Privilege Escalation
T1611 – Escape to Host