Categories: Cyber Security News

VMware Flaw Let Attackers Escalate Privilege in VMware Tools Suite

Cloud computing company, VMware addresses local privilege escalation vulnerability in the VMware Tools suite of utilities that impacts both Windows and Linux platforms.

The flaw is tracked as (CVE-2022-31676), a local privilege escalation vulnerability with a CVSSv3 base score of 7.0. It could be exploited by an actor to escalate privileges as a root user in the virtual machine.

 “VMware Tools was impacted by local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine,” VMWare

The company said the VMware Tools was impacted by local privilege escalation vulnerability. VMware has estimated the severity of this issue to be in the ‘Important’ severity range.

VMware Tools is a suite of software tools used to improve the performance of the VM’s guest operating system as well as the resource management of the virtual machine itself. 

The flaw (CVE-2022-31676) was patched by VMware in version 12.1.0 for Windows and 10.3.25 for Linux machines.

Patches Released

VMware released updates that address local privilege escalation vulnerability.

The company has attached a link to its External Vulnerability Response and Remediation Policy webpage which is designed to allow users and researchers to report additional vulnerabilities, as well as see VMware’s latest security advisories.

Notably, the updates for Tools come months after the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to all federal agencies to mitigate two new VMware vulnerabilities. The company patched both the vulnerabilities subsequently.

Secure Azure AD Conditional Access – Download Free White Paper

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments

A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID…

1 day ago

Threat Actors Exploit Google Apps Script to Host Phishing Sites

The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google…

1 day ago

Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials

Cybersecurity researchers from Trustwave’s Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by…

1 day ago

Beware: Weaponized AI Tool Installers Infect Devices with Ransomware

Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers,…

1 day ago

Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features

Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for…

1 day ago

Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges

A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security…

1 day ago