VMware Security Vulerability Feb 2022

-
Two security advisories was sent out on Tuesday 15th Feb. One affecting mainly virtualization platform such as ESXi, Workstation, Fusion and Cloud Foundation. While the other impacts NSX-V and Cloud Foundation that contain NSX-V.

Both advisories contains vulnerabilities that has a CVSSv3 score of  more than 8. Except for one that is in the first advisory at time of writing. Check back to the advisories for the updated fix once available.

The good news is all fixes are now available except pending for Cloud Foundation for CVE-2022-22945.

Below is the security advisories which contain the respective CVE.

VMSA-2022-0004
Use-after-free vulnerability in XHCI USB controller (CVE-2021-22040) - 8.4
Double-fetch vulnerability in UHCI USB controller (CVE-2021-22041) - 8.4
ESXi settingsd unauthorized access vulnerability (CVE-2021-22042) - 8.2
ESXi settingsd TOCTOU vulnerability (CVE-2021-22043) - 8.2
ESXi slow HTTP POST denial of service vulnerability (CVE-2021-22050) - 5.3

VMware NSX Data Center for vSphere update addresses CLI shell injection vulnerability (CVE-2022-22945) - 8.8


Comments

Post a Comment

Popular posts from this blog

Why VMware or Why Not after Broadcom?

-
The Truth Yes, the news of VMware acquired by Broadcom has come to a realization. We cannot denied the truth since 22nd Nov 2023. Prior the acquisition, if you have made a multi-year purchase before that, you will have whatever you can consume after the acquisition. VMware after the acquisition has release new bundle of all their offerings and end the perpetual licensing offer to the market. The individual products are not make available and cannot be purchase as a standalone. But are offered via two bundle namely; VMware vSphere Foundation (VVF), VMware Cloud Foundation (VCF). Both of which are all subscription licenses. It also ends all sales and renewal of any perpetual licenses. Honestly, VMware has been trying to end its perpetual license and into subscription for the longest time. With the Broadcom acquisition, VMware has been one of the last major player that has moved to subscription license. Customer who are on VMware, has been enjoying the great pricing with no limit of cores...
Read more

VMware Certifications Updates

-
Image
New changes are coming your ways for VMware certifications. A blog article just been release. 1. Prices of VCP, VCAP, etc. are all standardize to one single price, USD250. This is definitely beneficial for many especially those who are keen to persue the advanced level exam but having difficult to afford the exam fee which was much higher. 2. A mandatory course is no longer needed as an exam requirement. This will help many professionals who are experienced to get certified without having to go through boring course and spend to drag through the requirement.  Will this then bring down the certification value since course was required to ensure certified professional walk the talk as what they hold in credential? Answer to point 2, for people who are new and managed to pass the exam and get certified by other means, it can be identified easily. As the digital badges will be differentiated whether the exam was passed with a accompanied course or not. So during an interview, it can i...
Read more

VMware vExpert 2025 Applications Starts Now!

-
It the time of the year to apply and renew your vExpert for another year for your effort contribution back to the VMware community over the last 6-12months.  The vExpert 2025 application is now open starting from 6th Dec 2024 and will closed on 10th January 2025. So hurry start your application and fill up all your contribution. You do not have to do it once through, you can always save it in draft and add on and submit before the closing date. If you have doubt reach out or look for your vExpert Pro nearest to you to to advise you accordingly. This year has been a very different year for VMware. However, the vExpert program was valued and carry on. The perks this year been a vExpert will be very different from the investment from Broadcom.  Head over and sign up now. Good luck! Update 13 Dec 2024 Check out the vExpert application announcement here .
Read more