CVE-2022-31676

CWE-269 — Improper Privilege Management CWE-2509 documents8 sources

Severity

7.8HIGH

EPSS

0.1%

top 79.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Tools Debian Debian Linux Fedoraproject Fedora

Timeline

PublishedAug 23

Latest updateAug 24

Description

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDvmware/tools10.0.0 — 12.1.0+2

▶CVEListV5vmware_toolsVMware Tools (12.0.0, 11.x.y and 10.x.y)

▶Debianopen-vm-tools< 2:11.2.5-2+deb11u1+3

Also affects: Debian Linux 10.0, 11.0, Fedora 36, 37

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

GHSA-whrm-jv67-hw75: VMware Tools (12↗2022-08-24

▶

CVEList

CVE-2022-31676: VMware Tools (12↗2022-08-23

▶

OSV

CVE-2022-31676: VMware Tools (12↗2022-08-23

▶

📋Vendor Advisories

Ubuntu

Open VM Tools vulnerability↗2022-08-24

▶

Ubuntu

Open VM Tools vulnerability↗2022-08-24

▶

Red Hat

open-vm-tools: local root privilege escalation in the virtual machine↗2022-08-23

▶

VMware

VMware Tools update addresses a local privilege escalation vulnerability (CVE-2022-31676)↗2022-08-23

▶

Debian

CVE-2022-31676: open-vm-tools - VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation v...↗2022

▶