CVE-2022-22943

6.7MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Tools For Windows
Vendor: CVE Published:; 3 March 2022

Summary

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.

Affected Version(s)

VMware Tools for Windows VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0)

References

https://www.vmware.com/security/advisories/VMSA-2022-0007...

x_refsource_MISC

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 3, 2022
Vulnerability Reserved
Jan 10, 2022