CVE-2022-22938 VMware Workstation and Horizon Client older than 5.5.3 has a denial-of-service vulnerability in the Cortado ThinPrint component.

CVE-2022-22938 VMware Workstation and Horizon Client older than 5.5.3 has a denial-of-service vulnerability in the Cortado ThinPrint component.

To view this issue with real-world examples and resolution steps, visit the following advisory: https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2145814 This issue affects both VMware Workstation and Horizon Client for Windows. An attacker must be on the same network or within the same subnet as the host. In the case of VMware Workstation, the attacker must have the ability to run remote applications or virtual machines on the host. For Horizon Client for Windows, the attacker must have physical access to the host.

Description and resolution

To view the security advisory and related Knowledge Base articles, visit https://kb.vmware.com/selfservice/microsites/search.do?cmd=displayKC&docType=kc&externalId=2145814

VMWare Workstation and Horizon Client

VMware Workstation is a software application that allows users to run and manage virtual machines (VMs) on their client device. It includes support for multiple operating systems. Horizon Client is a software application that allows users to remotely connect to and control VMs, hosts, and networks from Windows devices.
The following table defines the impact on VMware Workstation:
Impact of CVE-2022-22938 on VMware Workstation Impact on Horizon Client
Critical  -   VMWare Workstation must be patched immediately  -   Hosts running Windows 2012 or later may need patching as well
High  -   Hosts with virtualized guests running ESXi 5.5 or later have the option of patching the host even if not using VMware Workstation
Medium  -   Guest operating systems such as Linux require no patching for this issue

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe