Uncontrolled Search Path Vulnerability in VMware Tools for Windows
CVE-2022-22943

6.7MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Tools For Windows
Vendor: CVE Published:; 3 March 2022

Summary

VMware Tools for Windows versions 11.x.y and 10.x.y before 12.0.0 are vulnerable due to an uncontrolled search path issue that could allow a malicious actor with local administrative privileges within the Windows guest operating system to execute arbitrary code with elevated system privileges. This vulnerability poses a significant risk as it may enable attackers to gain unauthorized access and control over critical system functions within the environment where VMware Tools is installed.

Affected Version(s)

VMware Tools for Windows VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0)

References

https://www.vmware.com/security/advisories/VMSA-2022-0007...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2022
Vulnerability Reserved
Jan 10, 2022