Local Privilege Escalation Vulnerability in VMware Tools and Console
CVE-2021-21999

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Tools For Windows, Vmware Remote Console For Windows And Vmware App Volumes
Vendor: CVE Published:; 23 June 2021

Summary

VMware Tools for Windows, VMware Remote Console for Windows, and VMware App Volumes are susceptible to a local privilege escalation vulnerability. An attacker with standard access to a virtual machine can exploit this issue by placing a specially crafted file named 'openssl.cnf' in an unrestricted directory. This exploitation allows for the execution of malicious code with elevated privileges, posing a significant risk for users if not addressed promptly.

Affected Version(s)

VMware Tools for Windows, VMware Remote Console for Windows and VMware App Volumes VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103)

References

https://www.vmware.com/security/advisories/VMSA-2021-0013...

x_refsource_MISC

https://www.zerodayinitiative.com/advisories/ZDI-21-754/

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 23, 2021
Vulnerability Reserved
Jan 4, 2021