VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite

Cloud computing company, VMware addresses local privilege escalation vulnerability in the VMware Tools suite of utilities that impacts both Windows and Linux platforms.

The flaw is tracked as (CVE-2022-31676), a local privilege escalation vulnerability with a CVSSv3 base score of 7.0. It could be exploited by an actor to escalate privileges as a root user in the virtual machine.

 “VMware Tools was impacted by local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine,” VMWare

The company said the VMware Tools was impacted by local privilege escalation vulnerability. VMware has estimated the severity of this issue to be in the ‘Important’ severity range.

VMware Tools is a suite of software tools used to improve the performance of the VM’s guest operating system as well as the resource management of the virtual machine itself. 

The flaw (CVE-2022-31676) was patched by VMware in version 12.1.0 for Windows and 10.3.25 for Linux machines.

Patches Released

VMware released updates that address local privilege escalation vulnerability.

The company has attached a link to its External Vulnerability Response and Remediation Policy webpage which is designed to allow users and researchers to report additional vulnerabilities, as well as see VMware’s latest security advisories.

Notably, the updates for Tools come months after the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to all federal agencies to mitigate two new VMware vulnerabilities. The company patched both the vulnerabilities subsequently.

Secure Azure AD Conditional Access – Download Free White Paper