Categories: Cyber Security News

VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite

Cloud computing company, VMware addresses local privilege escalation vulnerability in the VMware Tools suite of utilities that impacts both Windows and Linux platforms.

The flaw is tracked as (CVE-2022-31676), a local privilege escalation vulnerability with a CVSSv3 base score of 7.0. It could be exploited by an actor to escalate privileges as a root user in the virtual machine.

 “VMware Tools was impacted by local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine,” VMWare

The company said the VMware Tools was impacted by local privilege escalation vulnerability. VMware has estimated the severity of this issue to be in the ‘Important’ severity range.

VMware Tools is a suite of software tools used to improve the performance of the VM’s guest operating system as well as the resource management of the virtual machine itself. 

The flaw (CVE-2022-31676) was patched by VMware in version 12.1.0 for Windows and 10.3.25 for Linux machines.

Patches Released

VMware released updates that address local privilege escalation vulnerability.

The company has attached a link to its External Vulnerability Response and Remediation Policy webpage which is designed to allow users and researchers to report additional vulnerabilities, as well as see VMware’s latest security advisories.

Notably, the updates for Tools come months after the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to all federal agencies to mitigate two new VMware vulnerabilities. The company patched both the vulnerabilities subsequently.

Secure Azure AD Conditional Access – Download Free White Paper

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Ransomware Group Actively Exploits Windows CLFS Zero-Day Vulnerability

Microsoft has uncovered a sophisticated ransomware campaign exploiting a zero-day vulnerability in the Windows Common…

12 minutes ago

CISA Issues Alert on Active Exploits of Windows CLFS Vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding active exploitation…

2 hours ago

Apache mod_auth_openidc Flaw Lets Unauthenticated Users Access Protected Data

A critical flaw in Apache mod_auth_openidc (versions ≤2.4.16.10) allows unauthenticated attackers to bypass authentication and access protected…

3 hours ago

NCSC Issues Alert on MOONSHINE and BADBAZAAR Mobile Malware

GCHQ’s National Cyber Security Centre (NCSC), in collaboration with international and industry partners, has issued…

3 hours ago

20 Best Incident Response Tools in 2025

In today's digital era, organizations face an ever-growing threat landscape, with cyberattacks, data breaches, and…

4 hours ago

Chrome Use-After-Free Vulnerability Enables Remote Code Attacks

Google has rolled out a critical update for its Chrome browser, addressing a high-severity vulnerability…

4 hours ago