CVE-2022-22943 — Uncontrolled Search Path Element in Vmware Tools

CWE-427 — Uncontrolled Search Path Element4 documents4 sources

Severity

6.7MEDIUMNVD

EPSS

0.1%

top 70.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Tools Vmware Tools FOR Windows

Timeline

PublishedMar 3

Latest updateMar 4

Description

VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5vmware/vmware_tools_for_windowsVMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0)

▶NVDvmware/tools10.0.0 — 12.0.0

🔴Vulnerability Details

GHSA

GHSA-v28q-xfvc-8p57: VMware Tools for Windows (11↗2022-03-04

▶

CVEList

CVE-2022-22943: VMware Tools for Windows (11↗2022-03-03

▶

📋Vendor Advisories

VMware

VMware Tools for Windows update addresses an uncontrolled search path vulnerability (CVE-2022-22943)↗2022-03-01

▶