VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.
2021-06-23T12:15:07.897
2024-11-21T05:49:24.887
Modified
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | vmware | app_volumes | < 2.18.10 | Yes |
Application | vmware | app_volumes | < 2103 | Yes |
Application | vmware | remote_console | < 12.0.1 | Yes |
Application | vmware | tools | < 11.2.6 | Yes |