QID 375665

Date Published: 2021-06-30

QID 375665: VMware Tools Local Privilege Escalation Vulnerability (VMSA-2021-0013)

VMware Tools is a suite of utilities that enhances the performance of the virtual machine guest operating system and improves management of the virtual machine running on VMware.

Affected Versions:
VMware Tools version from 11.0.0 prior to 11.2.6.

QID Detection Logic:(Authenticated)
It checks for vulnerable version of VMware tools.

An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.

  • CVSS V3 rated as High - 7.8 severity.
  • CVSS V2 rated as High - 7.2 severity.
  • Solution
    To remediate this issue update to VMware Tools version VMware Tools 11.2.6
    For more information please visit VMware advisory VMSA-2021-0013

    CVEs related to QID 375665

    Software Advisories
    Advisory ID Software Component Link
    VMware Tools for Windows 11.2.6 URL Logo docs.vmware.com/en/VMware-Tools/11.2/rn/VMware-Tools-1126-Release-Notes.html