PT-2022-4410 · VMware · VMware Tools
Published: 2022-08-23
Updated: 2025-08-13
CVE-2022-31676
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware Tools versions 10.x.y through 12.0.0
Description
The issue stems from insufficient access control in VMware Tools. A malicious actor with local non-administrative access to the Guest OS can escalate privileges to the root user in the virtual machine. This can potentially lead to sensitive data theft and user credential compromise. The vulnerability affects VMware Tools on both Windows and Linux platforms.
Recommendations
For versions 10.x.y through 12.0.0, update to version 12.1.0 or 10.3.25 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable components of VMware Tools until a patch is applied.
Fix
LPE
Improper Privilege Management
Improper Access Control
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Linux Mint
Red Hat
RED OS
Rocky Linux
SUSE
Ubuntu
VMware Tools