Untrusted search path in VMware Tools

#VU60939 Untrusted search path in VMware Tools

Published: 2022-03-02

Vulnerability identifier: #VU60939

Vulnerability risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22943

CWE-ID: CWE-426

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
VMware Tools
Client/Desktop applications / Other client software

Vendor: VMware, Inc

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure loading of files. A local privileged user on the guest OS can place a specially crafted library into the current working directory and execute arbitrary code with elevated (SYSTEM) privileges on the guest OS.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

VMware Tools: 10.0.0 - 11.3.5

External links
http://www.vmware.com/security/advisories/VMSA-2022-0007.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in cPanel EasyApache 4

Privilege escalation in VMware Tools for Windows