VMware Releases Security Updates for ESXi, Workstation, Fusion, Cloud Foundation, and NSX Data Center for vSphere (NSX-V)

VMware has released two security advisories concerning six vulnerabilities affecting multiple products.

The VMSA-2022-0004 advisory, rated as a Critical by VMware, states that combining the five vulnerabilities in the advisory could result in a higher severity threat level than the vulnerabilities pose individually. Of the five vulnerabilities affecting VMware ESXi, Workstation, Fusion, and the ESXi component of Cloud Foundation, four were reported from the 2021 Tianfu Cup Pwn Contest, a high-profile national hacking competition in China. An attacker could leverage these vulnerabilities to execute code, access the settingsd service, elevate privileges, create a denial-of-service condition, and take control of an affected system.

The VMSA-2022-0005 advisory, rated as Important by VMware, addresses a CLI shell injection vulnerability in VMware NSX Data Center for vSphere. An attacker with SSH access to an NSX-Edge appliance (NSX-V) could execute arbitrary commands on the operating system as root and take control of an affected system.