CVE-2021-22043

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vmware Esxi And Vmware Cloud Foundation
Vendor: CVE Published:; 16 February 2022

Summary

VMware ESXi contains a TOCTOU (Time-of-check Time-of-use) vulnerability that exists in the way temporary files are handled. A malicious actor with access to settingsd, may exploit this issue to escalate their privileges by writing arbitrary files.

Affected Version(s)

VMware ESXi and VMware Cloud Foundation VMware ESXi(7.0 U3 before ESXi70U3c-19193900, 7.0 U2 before ESXi70U2e-19290878 and 7.0 U1 before ESXi70U1e-19324898) and VMware Cloud Foundation 4.x before 4.4

References

https://www.vmware.com/security/advisories/VMSA-2022-0004...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2022
Vulnerability Reserved
Jan 4, 2021