Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. These issues were discovered as part of the Tianfu Cup, a Chinese security event that VMware participates in. These vulnerabilities were reported to the Chinese government by the researchers that discovered them, in accordance with their laws.
To fully protect yourself and your organization please install one of the patch versions listed in the VMware Security Advisory, or use the workarounds listed in the VMSA.
Response Matrix: – 3a & 3b
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
ESXi | 7.0 U3 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi70U3c-19193900 | KB87349 | FAQ |
ESXi | 7.0 U2 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi70U2e-19290878 | KB87349 | FAQ |
ESXi | 7.0 U1 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi70U1e-19324898 | KB87349 | FAQ |
ESXi | 6.7 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | [1] ESXi670-202111101-SG | KB87349 | FAQ |
ESXi | 6.5 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi650-202202401-SG | KB87349 | FAQ |
Fusion | 12.x | OS X | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | 12.2.1 | KB87349 | FAQ |
Workstation | 16.x | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | 16.2.1 | KB87349 | FAQ |
NOTE: Most Windows and Linux versions support the use of the virtual PS/2 mouse and keyboard, and removing unnecessary devices such as USB controllers is recommended as part of the security hardening guidance VMware publishes for cloud infrastructure products like vSphere, Cloud Foundation, and VMware Cloud on AWS.
Please like and share to spread the knowledge in the community.
If you want to chat with me please use Twitter: @AngrySysOps
Visit my FB page: https://www.facebook.com/AngrySysOps
Read my blog: https://angrysysops.com
Subscribe to my channel : https://www.youtube.com/channel/UCRTcKGl0neismSRpDMK_M4A