A high-severity flaw in VMware Tools for Windows that was patched this week could be used to execute arbitrary code with elevated privileges. The vulnerability is tagged as CVE-2021-21999 and has a CVSS score of 7.8. It is a local privilege escalation that needs normal access to a virtual machine for successful exploitation.
“An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as ‘openssl.cnf’ in an unrestricted directory which would allow code to be executed with elevated privileges,” VMware says an advisory.
This security flaw affects not just VMware Tools for Windows, but also VMware App Volumes, and VMware Remote Console (VMRC) for Windows according to the company.
To Read More: securityweek
Also Check : Introducing the TOUGHBOOK S1 Developed to deliver all the features you want, and all the rugged you need