VMware has released a security update to address a vulnerability in Tools. A remote attacker could likely exploit the vulnerability to take control of an affected system.
VMware Tools was impacted by a local privilege escalation vulnerability. Updates are available to remediate this vulnerability in affected VMware products.
VMware Tools contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.0.
A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
Here is a matrix with remediation:
|Product||Version||Running On||CVE Identifier||CVSSv3||Severity||Fixed Version||Workarounds||Additional Documentation|
|VMware Tools||12.x.y, 11.x.y||Windows||CVE-2022-31676||7.0||Important||12.1.0||None||None|
|VMware Tools||12.x.y, 11.x.y||Linux||CVE-2022-31676||7.0||Important||12.1.0||None||None|
VMware Security Advisory:
VMware Tools 12.1.0
Downloads and Documentation:
VMware Tools 10.3.25
Mitre CVE Dictionary Links:
FIRST CVSSv3 Calculator:
Please like and share to spread the knowledge in the community.
If you want to chat with me please use Twitter: @AngrySysOps
Join my VMware Knowledge Base Group: https://bit.ly/3w54tbc
Visit my FB page: https://www.facebook.com/AngrySysOps
Subscribe to my channel: https://bit.ly/3vY16CT