A high-severity flaw in VMware Tools for Windows that was patched this week could be used to execute arbitrary code with elevated privileges. The vulnerability is tagged as CVE-2021-21999 and has a CVSS score of 7.8. It is a local privilege escalation that needs normal access to a virtual machine for successful exploitation.
“An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as ‘openssl.cnf’ in an unrestricted directory which would allow code to be executed with elevated privileges,” VMware says in an advisory.
This security flaw affects not just VMware Tools for Windows but also VMware App Volumes and VMware Remote Console (VMRC) for Windows, according to the company.
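A defender-side check for the condition the advisory describes, as an added example that is not from VMware or the original article: it reports whether ordinary users can create files in the directory passed as `-Directory` (a placeholder, since the article does not name the path), or could create that directory if it does not exist. It assumes the four well-known low-privilege SIDs listed in the script are the ones that matter and it does not evaluate Deny entries.

```powershell
# Added example (not VMware's code): report whether low-privileged users can
# plant a file such as openssl.cnf in a directory a privileged process reads.
param(
    # Placeholder: the article does not name the directory; pass the one under review.
    [Parameter(Mandatory)] [string] $Directory
)

$Rights = [System.Security.AccessControl.FileSystemRights]
$Flags  = [System.Security.AccessControl.PropagationFlags]
$Sid    = [System.Security.Principal.SecurityIdentifier]

# Well-known SIDs that include ordinary, non-administrative users.
$lowPriv = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# If the directory is missing, the question becomes whether a normal user can
# create it: walk up to the nearest existing ancestor and test
# CreateDirectories there instead of CreateFiles.
$target  = $Directory
$needed  = [int]$Rights::CreateFiles
$meaning = 'can create files in this directory'
while (-not (Test-Path -LiteralPath $target -PathType Container)) {
    $parent = Split-Path -Path $target -Parent
    if (-not $parent) { throw "No existing ancestor found for $Directory" }
    $target  = $parent
    $needed  = [int]$Rights::CreateDirectories
    $meaning = "can create the missing path under this directory"
}

# Ask for the rules with SIDs so the match does not depend on localized names.
$rules = (Get-Acl -LiteralPath $target).GetAccessRules($true, $true, $Sid)
$findings = foreach ($ace in $rules) {
    $sidValue    = $ace.IdentityReference.Value
    # Inherit-only entries apply to children, not to the directory itself.
    $appliesHere = ([int]$ace.PropagationFlags -band [int]$Flags::InheritOnly) -eq 0
    $grants      = ([int]$ace.FileSystemRights -band $needed) -ne 0
    if ($ace.AccessControlType -eq 'Allow' -and $appliesHere -and $grants -and
        $lowPriv.ContainsKey($sidValue)) {
        [pscustomobject]@{ Path = $target; Principal = $lowPriv[$sidValue]
                           Rights = $ace.FileSystemRights; Meaning = $meaning }
    }
}

if ($findings) { $findings | Format-List }
else { "No low-privileged create access found on $target" }
```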