PT-2021-3387 · Vmware · Vmware Tools For Windows+1

Honggang Ren

Published

2021-06-18

Updated

2021-06-24

CVE-2021-21997

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions VMware Tools for Windows versions 11.x.y prior to 11.3.0

Description The issue is related to a denial-of-service vulnerability in the VM3DMP driver of VMware Tools for Windows. This vulnerability can be triggered by a malicious actor with local user privileges in the Windows guest operating system, leading to a denial-of-service condition. The vulnerability exists due to insufficient input validation in the VM3DMP driver, allowing an attacker to cause a denial-of-service.

Recommendations For versions 11.x.y prior to 11.3.0, update to version 11.3.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the VM3DMP driver to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2021-03238

CVE-2021-21997

Affected Products

Vmware Tools

Vmware Tools For Windows

PT-2021-3387 · Vmware · Vmware Tools For Windows+1

CVE-2021-21997

Weakness Enumeration

Related Identifiers

Affected Products

References · 5