Time for an Urgent VMware Patch

VMware has released updates for VMware ESXi, VMware Workstation Pro / Player (Workstation), VMware Fusion Pro / Fusion (Fusion), and VMware Cloud Foundation (Cloud Foundation). The vulnerability advisory is rated critical, and it is very important to apply the updates without delay.

First:

3a. Use-after-free vulnerability in XHCI USB controller (CVE-2021-22040) and 3b. Double-fetch vulnerability in UHCI USB controller (CVE-2021-22041)

Response Matrix: 3a & 3b

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| ESXi | 7.0 U3 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi70U3c-19193900 | KB87349 | FAQ |
| ESXi | 7.0 U2 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi70U2e-19290878 | KB87349 | FAQ |
| ESXi | 7.0 U1 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi70U1e-19324898 | KB87349 | FAQ |
| ESXi | 6.7 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | [1] ESXi670-202111101-SG | KB87349 | FAQ |
| ESXi | 6.5 | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | ESXi650-202202401-SG | KB87349 | FAQ |
| Fusion | 12.x | OS X | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | 12.2.1 | KB87349 | FAQ |
| Workstation | 16.x | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | 16.2.1 | KB87349 | FAQ |

Impacted Product Suites that Deploy Response Matrix 3a & 3b Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | 4.4 | KB87349 | FAQ |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2021-22040, CVE-2021-22041 | 8.4 | Important | 3.11 | KB87349 | FAQ |

Second:

3c. ESXi settingsd unauthorized access vulnerability (CVE-2021-22042) and 3d. ESXi settingsd TOCTOU vulnerability (CVE-2021-22043)

Response Matrix: 3c & 3d

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| ESXi | 7.0 U3 | Any | CVE-2021-22042, CVE-2021-22043 | 8.2 | Important | ESXi70U3c-19193900 | None | FAQ |
| ESXi | 7.0 U2 | Any | CVE-2021-22042, CVE-2021-22043 | 8.2 | Important | ESXi70U2e-19290878 | None | FAQ |
| ESXi | 7.0 U1 | Any | CVE-2021-22042, CVE-2021-22043 | 8.2 | Important | ESXi70U1e-19324898 | None | FAQ |
| ESXi | 6.7 | Any | CVE-2021-22042, CVE-2021-22043 | N/A | N/A | Unaffected | N/A | N/A |
| ESXi | 6.5 | Any | CVE-2021-22042, CVE-2021-22043 | N/A | N/A | Unaffected | N/A | N/A |

Impacted Product Suites that Deploy Response Matrix 3c & 3d Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2021-22042, CVE-2021-22043 | 8.2 | Important | 4.4 | None | FAQ |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2021-22042, CVE-2021-22043 | N/A | N/A | Unaffected | N/A | N/A |

Third:

3e. ESXi slow HTTP POST denial of service vulnerability (CVE-2021-22050)

Response Matrix

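| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| ESXi | 7.0 | Any | CVE-2021-22050 | 5.3 | Moderate | ESXi70U3c-19193900 | None | FAQ |
| ESXi | 6.7 | Any | CVE-2021-22050 | 5.3 | Moderate | [1] ESXi670-202111101-SG | None | FAQ |
| ESXi | 6.5 | Any | CVE-2021-22050 | 5.3 | Moderate | ESXi650-202110101-SG | None | FAQ |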

Impacted Product Suites that Deploy Response Matrix 3e Components:

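| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2021-22050 | 5.3 | Moderate | 4.4 | None | FAQ |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2021-22050 | 5.3 | Moderate | 3.11 | None | FAQ |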

Source: https://www.vmware.com/security/advisories/VMSA-2022-0004.html
