Local Privilege Escalation Vulnerability in VMware Tools
CVE-2022-31676

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Tools
Vendor: CVE Published:; 23 August 2022

Summary

VMware Tools, specifically versions 12.0.0, 11.x.y, and 10.x.y, are susceptible to a local privilege escalation vulnerability. This issue allows a malicious actor with non-administrative access to the Guest Operating System to elevate their privileges to that of a root user within the virtual machine. Successful exploitation of this vulnerability poses significant security risks, enabling unauthorized actions that could compromise the integrity and confidentiality of the virtualized environment.

Affected Version(s)

VMware Tools VMware Tools (12.0.0, 11.x.y and 10.x.y)

References

https://www.vmware.com/security/advisories/VMSA-2022-0024...

http://www.openwall.com/lists/oss-security/2022/08/23/3

mailing-list

https://www.debian.org/security/2022/dsa-5215

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 23, 2022
Vulnerability Reserved
May 25, 2022