Jaanus Kääp, a security researcher from Clarified Security, reported a heap overflow vulnerability in multiple VMware products. According to the researcher, the CVE-2021-22045 vulnerability could allow an attacker to execute arbitrary code on the hypervisor from a virtual machine. Since the flaw has a score of 7.7, which is rated High in CVSS 3.1, it is important to fix the issue on all the affected VMware products. In this post, let's see how to fix CVE-2021-22045, a heap overflow vulnerability in VMware products.
What Is VMWare?
VMWare is now a subsidiary company of Dell Technologies. It is the first company to develop a virtualization platform, which is the core tech behind today’s cloud technologies. It has released a variety of products for desktops, servers, networks, and security, which helped develop virtual and cloud infrastructure.
Summary Of CVE-2021-22045- Heap Overflow Vulnerability In VMWare Products:
This is a heap overflow vulnerability in the SCSI component of the CD-ROM device emulator in multiple VMware products. An attacker must be able to execute low-privileged code on the target guest machine to exploit this vulnerability, so exploitation is possible only for a local attacker. The flaw is due to improper validation of the length of user-supplied data before copying it to a fixed-length heap-based buffer.
Successful exploitation of the vulnerability lets an attacker escalate privileges and execute arbitrary code on the hypervisor from a virtual machine.
Associated CVE ID | CVE-2021-22045 |
Description | Heap Overflow Vulnerability in VMWare Products |
Associated ZDI ID | ZDI-CAN-14237 |
CVSS Score | 7.7 High |
Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Impact Score | 6.0 |
Exploitability Score | 1.1 |
Attack Vector (AV) | Local |
Attack Complexity (AC) | High |
Privilege Required (PR) | Low |
User Interaction (UI) | None |
Scope | Changed |
Confidentiality (C) | High |
Integrity (I) | High |
Availability (A) | High |
VMware Products Affected With CVE-2021-22045- Heap Overflow Vulnerability:
The flaw affects VMware ESXi, VMware Workstation Pro / Player, VMware Fusion, and VMware Cloud Foundation.
- VMware ESXi v6.5, 6.7, and 7.0
- VMware Workstation prior to v16.2.0
- VMware Fusion prior to v12.2.0
VMware has responded to the flaw with the following response matrix.
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds |
ESXi | 7.0 | Any | CVE-2021-22045 | 7.7 | Important | Patch Pending | KB87249 |
ESXi | 6.7 | Any | CVE-2021-22045 | 7.7 | Important | ESXi670-202111101-SG | KB87249 |
ESXi | 6.5 | Any | CVE-2021-22045 | 7.7 | Important | ESXi650-202110101-SG | KB87249 |
Workstation | 16.x | Any | CVE-2021-22045 | 7.7 | Important | 16.2.0 | KB87206 |
Fusion | 12.x | OS X | CVE-2021-22045 | 7.7 | Important | 12.2.0 | KB87207 |
VMware Cloud Foundation (ESXi) | 4.x | Any | CVE-2021-22045 | 7.7 | Important | Patch Pending | KB87249 |
VMware Cloud Foundation (ESXi) | 3.x | Any | CVE-2021-22045 | 7.7 | Important | Patch Pending | KB87249 |
How To Fix CVE-2021-22045- Heap Overflow Vulnerability In VMWare Products?
VMware has released patches to mitigate the vulnerability and published a workaround for users who can't apply the patches immediately on the affected VMware products: the vendor recommends disabling all CD/DVD devices on the VMs.
Fix CVE-2021-22045 In VMWare
The best way to fix CVE-2021-22045 is to upgrade the product to the latest release. For ESXi v6.5 and v6.7, VMware has released patches. However, users of ESXi v7.x need to wait for the fix.
ESXi Version | Fixed Version | Build Number |
6.5 | 6.5 P07 | 18678235 |
6.7 | 6.7 P06 | 18828794 |
7.0 | Pending | Pending |
Workaround For CVE-2021-22045:
- Disable all CD-ROM/DVD devices.
- Remove unneeded or unused hardware devices.
Disable All CD-ROM/DVD From The vSphere:
- Log in to a vCenter Server system using the vSphere Web Client.
- Right-click the virtual machine and click Edit Settings.
- Select the CD/DVD drive and uncheck “Connected” and “Connect at power on” and remove any attached ISOs.
Disable All CD-ROM/DVD From PowerCLI:
PowerCLI can be used to list the virtual machines with a connected CD-ROM/DVD device and to remove the CD-ROM/DVD devices from the VMs.
Command to list all VMs with a connected CD-ROM/DVD device:
Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent
Command to remove and disconnect an attached CD-ROM/DVD device:
Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Set-CDDrive -NoMedia -confirm:$false
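The audit and cleanup described above, as an added PowerCLI example that is not part of the original post or VMware's KB: it also reports drives that are disconnected but set to "Connect at power on" or that still have an ISO attached, which the one-line listing above does not show. The function names, report path and sample object are assumptions made for this example.

```powershell
# Added example: not VMware's or the original post's code.
function Get-CdDriveExposure {
    # Emits a row for every CD/DVD drive that is connected now, is set to
    # connect at power-on, or still has an ISO or host device attached.
    param([Parameter(ValueFromPipeline)] $CdDrive)
    process {
        $state    = $CdDrive.ConnectionState
        $hasMedia = [bool]($CdDrive.IsoPath -or $CdDrive.HostDevice)
        if ($state.Connected -or $state.StartConnected -or $hasMedia) {
            [pscustomobject]@{
                VM             = $CdDrive.Parent.Name
                Drive          = $CdDrive.Name
                Connected      = [bool]$state.Connected
                StartConnected = [bool]$state.StartConnected
                Media          = "$($CdDrive.IsoPath)$($CdDrive.HostDevice)"
            }
        }
    }
}

function Disable-ExposedCdDrive {
    # Live use: needs VMware PowerCLI and an existing Connect-VIServer session.
    # Without -Apply, Set-CDDrive runs with -WhatIf and changes nothing.
    param([switch] $Apply, [string] $ReportPath = '.\cd-drive-exposure.csv')
    $exposed = @(Get-VM | Get-CDDrive | Where-Object { $_ | Get-CdDriveExposure })
    # Keep a record of the previous state so ISOs can be re-attached after patching.
    $exposed | Get-CdDriveExposure | Export-Csv -Path $ReportPath -NoTypeInformation
    # -NoMedia detaches the ISO/host device; -StartConnected:$false clears
    # "Connect at power on".
    $exposed | Set-CDDrive -NoMedia -StartConnected:$false -Confirm:$false -WhatIf:(-not $Apply) |
        Out-Null
    # Re-audit: any row returned after an -Apply run still needs attention.
    Get-VM | Get-CDDrive | Get-CdDriveExposure
}

# Constructed sample (not real inventory): a powered-off VM whose drive is
# disconnected but set to connect at power-on, so a "connected -eq $true"
# filter does not list it.
$sample = [pscustomobject]@{
    Name = 'CD/DVD drive 1'; IsoPath = '[datastore1] iso/constructed.iso'; HostDevice = $null
    Parent          = [pscustomobject]@{ Name = 'demo-vm' }
    ConnectionState = [pscustomobject]@{ Connected = $false; StartConnected = $true }
}
$sample | Get-CdDriveExposure | Format-List
```

Run `Disable-ExposedCdDrive` once to preview the changes, review the exported CSV, then run `Disable-ExposedCdDrive -Apply`.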
Remove Unnecessary Hardware Devices From VMware Workstation:
Select VM > Settings, click the Hardware tab, select the device, and click Remove.
Devices Considered To Remove From Workstation VMs:
- Virtual hard disks
- CD-ROM and DVD drives
- Floppy drives
- Virtual network adapters
- USB controllers
- Sound cards
- Camera
- Printers
- Generic SCSI devices
Remove Unnecessary Hardware Devices From VMware Fusion:
- Shut down or power off the virtual machine before changing the device settings.
- Select Window > Virtual Machine Library from the Mac menu bar.
- Select a virtual machine in the Virtual Machine Library window and click Settings.
- Under Removable Devices in the Settings window, select a device from the list below to remove.
Devices Considered To Remove From VM Fusion VMs:
- Network Adapters
- Hard Disk
- Camera
- CD/DVD
- Sound Card
- USB and Bluetooth
- Serial ports
- Parallel ports
- Printer
- Floppy Drive
- Trusted Platform Module device
This is how you can fix the heap overflow vulnerability in VMware products.
Original article by ItWorker. If you repost it, please credit the source: https://blog.ytso.com/270126.html