{"id":22820,"date":"2022-01-05T00:03:00","date_gmt":"2022-01-04T23:03:00","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=22820"},"modified":"2022-01-04T23:48:23","modified_gmt":"2022-01-04T22:48:23","slug":"vmware-sicherheitswarnung-vor-schwachstelle-cve-2021-22045-in-vmware-workstation-co","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/01\/05\/vmware-sicherheitswarnung-vor-schwachstelle-cve-2021-22045-in-vmware-workstation-co\/","title":{"rendered":"VMware security advisory about vulnerability CVE-2021-22045 in VMware Workstation &amp; Co."},"content":{"rendered":"<p><img decoding=\"async\" title=\"Sicherheit (Pexels, allgemeine Nutzung)\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" alt=\"Sicherheit (Pexels, allgemeine Nutzung)\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2021\/04\/Sicherheit_klein.jpg\" width=\"200\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/?p=261164\" target=\"_blank\" rel=\"noopener\">German<\/a>]Vendor VMware has issued a security alert for vulnerability CVE-2021-22045 as of January 4, 2022. This vulnerability, located in the CD-ROM driver, threatens the security of VMware Workstation, Fusion and ESXi Server through a heap overflow. However, updates are available to close this vulnerability. In addition, as a workaround, the CD-ROM feature can be disabled. Here is some information on this.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg09.met.vgwort.de\/na\/bd3bbb9bec4746e78a8127a35b824ad9\" width=\"1\" height=\"1\">I was alerted to the following <a href=\"https:\/\/twitter.com\/VMwareSRC\/status\/1478395487501828102\" target=\"_blank\" rel=\"noopener\">tweet<\/a> by a blog reader (Aldox3) (thanks for that).<\/p>\n<p><a href=\"https:\/\/twitter.com\/VMwareSRC\/status\/1478395487501828102\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" title=\"VMware Advisory VMSA-2022-0001\" alt=\"VMware Advisory VMSA-2022-0001\" src=\"https:\/\/i.imgur.com\/am44xxj.png\"><\/a><\/p>\n<p>In security advisory <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0001.html\" target=\"_blank\" rel=\"noopener\">VMSA-2022-0001<\/a>, VMware advises of vulnerability CVE-2021-22045 that threatens the following VMware products:<\/p>\n<ul>\n<li>VMware ESXi\n<li>VMware Workstation\n<li>VMware Fusion\n<li>VMware Cloud Foundation<\/li>\n<\/ul>\n<p>The vulnerability, which leads to a heap overflow, has been privately reported to VMware. The vulnerability is located in CD-ROM device emulation in VMware Workstation, Fusion, and ESXi Server. A malicious actor with access to a virtual machine running CD-ROM device emulation could exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine. CVE-2021-22045 has a CVSSv3 base score of 7.7 and is rated with a severity range of Important. <\/p>\n<p>To address CVE-2021-22045, VMware has provided updates for the affected products. Here are the fixed versions:<\/p>\n<ul>\n<li>VMware ESXi 6.5\n<li>VMware ESXi 6.7\n<li>VMware Workstation 16.2.0\n<li>VMware Fusion 12.2.0<\/li>\n<\/ul>\n<p>Details on the patches can be found on the <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0001.html\" target=\"_blank\" rel=\"noopener\">VMware page of the advisory<\/a>. VMware has also published knowledgebase articles for the affected products that provide workarounds (disable CD-ROM). The VMware knowledgebase articles are also linked on the <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0001.html\" target=\"_blank\" rel=\"noopener\">VMware page of the advisory<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]Vendor VMware has issued a security alert for vulnerability CVE-2021-22045 as of January 4, 2022. This vulnerability, located in the CD-ROM driver, threatens the security of VMware Workstation, Fusion and ESXi Server through a heap overflow. However, updates are available &hellip; <a href=\"https:\/\/borncity.com\/win\/2022\/01\/05\/vmware-sicherheitswarnung-vor-schwachstelle-cve-2021-22045-in-vmware-workstation-co\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,1547,22,1218],"tags":[69,195,651,1710],"class_list":["post-22820","post","type-post","status-publish","format-standard","hentry","category-security","category-software","category-update","category-virtualization","tag-security","tag-update","tag-virtualization","tag-vmware"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=22820"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/22820\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=22820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=22820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=22820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}