Vulnerability Description
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | App Volumes | >= 2.0, < 2.18.10 |
| Vmware | Remote Console | >= 12.0.0, < 12.0.1 |
| Vmware | Tools | >= 11.0.0, < 11.2.6 |
Related Weaknesses (CWE)
References
- https://www.vmware.com/security/advisories/VMSA-2021-0013.htmlPatchVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-754/Third Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2021-0013.htmlPatchVendor Advisory
- https://www.zerodayinitiative.com/advisories/ZDI-21-754/Third Party AdvisoryVDB Entry
FAQ
What is CVE-2021-21999?
CVE-2021-21999 is a vulnerability with a CVSS score of 7.8 (HIGH). VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege es...
How severe is CVE-2021-21999?
CVE-2021-21999 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-21999?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware App Volumes, Vmware Remote Console, Vmware Tools.