Critical Severity – VMSA-2022-0004 – VMware ESXi, Workstation, and Fusion

Multiple vulnerabilities in VMware ESXi, Workstation, and Fusion were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. These issues were discovered as part of the Tianfu Cup, a Chinese security event that VMware participates in. These vulnerabilities were reported to the Chinese government by the researchers that discovered them, in accordance with their laws.

To fully protect yourself and your organization, please install one of the patch versions listed in the VMware Security Advisory, or use the workarounds listed in the VMSA.

Response Matrix – 3a & 3b

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| ESXi | 7.0 U3 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi70U3c-19193900 | KB87349 | FAQ |
| ESXi | 7.0 U2 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi70U2e-19290878 | KB87349 | FAQ |
| ESXi | 7.0 U1 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi70U1e-19324898 | KB87349 | FAQ |
| ESXi | 6.7 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | [1] ESXi670-202111101-SG | KB87349 | FAQ |
| ESXi | 6.5 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi650-202202401-SG | KB87349 | FAQ |
| Fusion | 12.x | OS X | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | 12.2.1 | KB87349 | FAQ |
| Workstation | 16.x | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | 16.2.1 | KB87349 | FAQ |
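
A quick way to triage ESXi hosts against the fixed builds in the response matrix above. This is an added example, not code from VMware or from this post. It assumes the banner format printed by `vmware -v` and that 7.0 U1/U2/U3 report as 7.0.1/7.0.2/7.0.3; the host names and banners in the sample inventory are constructed. Each update line is compared against its own fixed build, because the U2 fix (19290878) carries a higher build number than the U3 fix (19193900), so a single global threshold would misclassify hosts.

```python
import re

# Fixed builds from the response matrix, keyed by the version string the host
# reports (assumed mapping: 7.0 U1 -> 7.0.1, 7.0 U2 -> 7.0.2, 7.0 U3 -> 7.0.3).
FIXED_BUILDS = {"7.0.3": 19193900, "7.0.2": 19290878, "7.0.1": 19324898}

# For 6.7 and 6.5 the matrix names a patch bulletin rather than a build number,
# so these hosts are routed to a manual check of the installed bulletin.
BULLETIN_ONLY = {"6.7.0": "ESXi670-202111101-SG", "6.5.0": "ESXi650-202202401-SG"}

BANNER = re.compile(r"VMware ESXi (\d+\.\d+\.\d+) build-(\d+)")


def assess(banner):
    """Classify one `vmware -v` style banner against the matrix."""
    m = BANNER.search(banner)
    if not m:
        return "unparsed"
    version, build = m.group(1), int(m.group(2))
    if version in FIXED_BUILDS:
        return "fixed" if build >= FIXED_BUILDS[version] else "needs patch"
    if version in BULLETIN_ONLY:
        return "verify bulletin " + BULLETIN_ONLY[version]
    return "not in matrix"


def triage(inventory):
    """Map each host name to its assessment."""
    return {host: assess(banner) for host, banner in inventory.items()}


# Constructed sample inventory (host names and unfixed build numbers are made up).
SAMPLE = {
    "esx-a": "VMware ESXi 7.0.3 build-19193900",
    "esx-b": "VMware ESXi 7.0.2 build-19193900",  # below the U2 fixed build
    "esx-c": "VMware ESXi 7.0.1 build-17000000",
    "esx-d": "VMware ESXi 6.7.0 build-17000000",
    "esx-e": "VMware ESXi 7.0.0 build-16000000",  # 7.0 GA is not listed
    "esx-f": "connection timed out",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```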

NOTE: Most Windows and Linux versions support the use of the virtual PS/2 mouse and keyboard, and removing unnecessary devices such as USB controllers is recommended as part of the security hardening guidance VMware publishes for cloud infrastructure products like vSphere, Cloud Foundation, and VMware Cloud on AWS.
