PT-2021-3448 · VMware · VMware App Volumes +3

Bugzzzhunter +1 · Published 2021-06-22 · Updated 2022-07-12 · CVE-2021-21999

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

VMware Tools for Windows versions 11.x.y prior to 11.2.6
VMware Remote Console for Windows versions 12.x prior to 12.0.1
VMware App Volumes versions 2.x prior to 2.18.10
VMware App Volumes version 4 prior to 2103

Description

The issue is related to a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this by placing a malicious file renamed as openssl.cnf in an unrestricted directory, allowing code to be executed with elevated privileges. The vulnerability is also associated with an uncontrolled search path element.

Recommendations

For VMware Tools for Windows versions 11.x.y prior to 11.2.6, update to version 11.2.6 or later.
For VMware Remote Console for Windows versions 12.x prior to 12.0.1, update to version 12.0.1 or later.
For VMware App Volumes versions 2.x prior to 2.18.10, update to version 2.18.10 or later.
For VMware App Volumes version 4 prior to 2103, update to version 2103 or later.

As a temporary workaround, consider restricting access to unrestricted directories to minimize the risk of exploitation. Avoid using the openssl.cnf file in vulnerable configurations until the issue is resolved.

Fix

LPE

Uncontrolled Search Path Element


Weakness Enumeration

Related Identifiers

BDU:2021-03308
CVE-2021-21999
ZDI-21-754

Affected Products

VMware App Volumes
VMware Remote Console For Windows
VMware Tools
VMware Tools For Windows