CVE-2021-21999

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Tools For Windows, Vmware Remote Console For Windows And Vmware App Volumes
Vendor: CVE Published:; 23 June 2021

Summary

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.

Affected Version(s)

VMware Tools for Windows, VMware Remote Console for Windows and VMware App Volumes VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103)

References

https://www.vmware.com/security/advisories/VMSA-2021-0013...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-754/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2021
Vulnerability Reserved
Jan 4, 2021