Denial-of-Service Vulnerability in ESXi rhttpproxy by VMware
CVE-2021-22050

7.5HIGH

Key Information:

Vendor: Vmware
Status: Vmware Esxi And Vmware Cloud Foundation
Vendor: CVE Published:; 16 February 2022

Summary

The ESXi platform contains a vulnerability in the rhttpproxy service that can be exploited by a malicious actor. By sending a high volume of HTTP POST requests to the service, an attacker with network access can induce a denial-of-service condition. The excessive load causes the rhttpproxy service to become unresponsive, potentially disrupting the normal operations of affected systems. Administrators are advised to monitor their networks for unusual traffic patterns and apply available patches to mitigate this issue.

Affected Version(s)

VMware ESXi and VMware Cloud Foundation VMware ESXi(7.0 U3 before ESXi70U3c-19193900, ESXi 6.7 ESXi670-202111101-SG and ESXi 6.5 before ESXi650-202110101-SG) and VMware Cloud Foundation (4.x before 4.4 and 3.x before 3.11)

References

https://www.vmware.com/security/advisories/VMSA-2022-0004...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2022
Vulnerability Reserved
Jan 4, 2021