CVE-2021-22042
 
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.
VMware ESXi contiene una vulnerabilidad de acceso no autorizado debido a que VMX presenta acceso a los tickets de autorización de settingsd. Un actor malicioso con privilegios sólo dentro del proceso VMX, puede ser capaz de acceder al servicio settingsd que es ejecutado como un usuario con altos privilegios
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-04 CVE Reserved
- 2022-02-16 CVE Published
- 2023-09-09 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2022-0004.html | 2022-02-25 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Vmware Search vendor "Vmware" | Cloud Foundation Search vendor "Vmware" for product "Cloud Foundation" | >= 4.0 < 4.4 Search vendor "Vmware" for product "Cloud Foundation" and version " >= 4.0 < 4.4" | - |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 7.0 Search vendor "Vmware" for product "Esxi" and version "7.0" | update_1 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 7.0 Search vendor "Vmware" for product "Esxi" and version "7.0" | update_2 |
Affected
| ||||||
Vmware Search vendor "Vmware" | Esxi Search vendor "Vmware" for product "Esxi" | 7.0 Search vendor "Vmware" for product "Esxi" and version "7.0" | update_3 |
Affected
|