How To Fix CVE-2021-22045 - Heap Overflow Vulnerability In VMware Products?

What Is VMware?

Summary Of CVE-2021-22045 - Heap Overflow Vulnerability In VMware Products:

VMware Products Affected By CVE-2021-22045 - Heap Overflow Vulnerability:

  1. VMware ESXi v6.5, 6.7, and 7.0
  2. VMware Workstation prior to v16.2.0
  3. VMware Fusion prior to v12.2.0

How To Fix CVE-2021-22045 - Heap Overflow Vulnerability In VMware Products?

Fix CVE-2021-22045 In VMware

Workaround For CVE-2021-22045:

  1. Disable all CD-ROM/DVD devices.
  2. Remove unneeded or unused hardware devices.

Disable All CD-ROM/DVD Devices From vSphere:

  1. Log in to a vCenter Server system using the vSphere Web Client.
  2. Right-click the virtual machine and click Edit Settings.
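  3. Select the CD/DVD drive, uncheck “Connected” and “Connect at power on”, and remove any attached ISOs.

Alternatively, use PowerCLI to list the virtual machines that have a connected CD/DVD drive and then detach the media from those drives:

    # List the VMs that have a connected CD/DVD drive
    Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Select Parent
    # Detach the media from every connected CD/DVD drive without prompting
    Get-VM | Get-CDDrive | Where {$_.extensiondata.connectable.connected -eq $true} | Set-CDDrive -NoMedia -confirm:$false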

Remove Unnecessary Hardware Devices From VMware Workstation:

Devices To Consider Removing From Workstation VMs:

  • Virtual hard disks
  • CD-ROM and DVD drives
  • Floppy drives
  • Virtual network adapters
  • USB controllers
  • Sound cards
  • Camera
  • Printers
  • Generic SCSI devices

Remove Unnecessary Hardware Devices From VMware Fusion:

  1. Shut down or power off the virtual machine before changing the device settings.
  2. Select Window > Virtual Machine Library (from the Mac menu bar).
  3. Select a virtual machine in the Virtual Machine Library window and click Settings.
  4. Under Removable Devices in the Settings window, select a device from the list below to remove.

Devices To Consider Removing From VMware Fusion VMs:

  • Network Adapters
  • Hard Disk
  • Camera
  • CD/DVD
  • Sound Card
  • USB and Bluetooth
  • Serial ports
  • Parallel ports
  • Printer
  • Floppy Drive
  • Trusted Platform Module device

We are here to create awareness about cyber security.

Thesecmasterblog