CVE-2022-22977

Name of the Vulnerable Software and Affected Versions VMware Tools for Windows versions 10.x.y through 12.0.0

Description The issue is related to an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Recommendations For versions 10.x.y through 12.0.0, consider disabling the XML parsing functionality until a patch is available. As a temporary workaround, restrict access to the VMware Tools to minimize the risk of exploitation. Avoid using the vulnerable XML functionality in the affected Windows guest OS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.