CVE-2021-22042

Summary

VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd authorization tickets. A malicious actor with privileges within the VMX process only, may be able to access settingsd service running as a high privileged user.

Affected Software

VendorProductVersion RangeStatus
n/aVMware ESXi and VMware Cloud FoundationVMware ESXi(7.0 U3 before ESXi70U3c-19193900, 7.0 U2 before ESXi70U2e-19290878 and 7.0 U1 before ESXi70U1e-19324898) and VMware Cloud Foundation 4.x before 4.4affected

Weaknesses

  • Unauthorized access vulnerability

ADP Enrichment

CVE Program Container

Additional References

References