CVE-2021-21999
published 2021-06-23CVE-2021-21999: VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | app_volumes | >= 2.0 < 2.18.10 | 2.18.10 |
| vmware | app_volumes | >= 4 < 2103 | 2103 |
| vmware | remote_console | >= 12.0.0 < 12.0.1 | 12.0.1 |
| vmware | tools | >= 11.0.0 < 11.2.6 | 11.2.6 |