Vulnerability Details CVE-2021-21999
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1), VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf` in an unrestricted directory, which would allow code to be executed with elevated privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 24.1%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
Products affected by CVE-2021-21999
- cpe:2.3:a:vmware:app_volumes:2.0
- cpe:2.3:a:vmware:app_volumes:2.10
- cpe:2.3:a:vmware:app_volumes:2.11
- cpe:2.3:a:vmware:app_volumes:2.12
- cpe:2.3:a:vmware:app_volumes:2.12.1
- cpe:2.3:a:vmware:app_volumes:2.13
- cpe:2.3:a:vmware:app_volumes:2.13.3
- cpe:2.3:a:vmware:app_volumes:2.14
- cpe:2.3:a:vmware:app_volumes:2.15
- cpe:2.3:a:vmware:app_volumes:2.16
- cpe:2.3:a:vmware:app_volumes:2.17
- cpe:2.3:a:vmware:app_volumes:2.18
- cpe:2.3:a:vmware:app_volumes:2.18.2
- cpe:2.3:a:vmware:app_volumes:2.18.4
- cpe:2.3:a:vmware:app_volumes:2.18.6
- cpe:2.3:a:vmware:app_volumes:2.18.6.10
- cpe:2.3:a:vmware:app_volumes:2.18.6.22
- cpe:2.3:a:vmware:app_volumes:2.9
- cpe:2.3:a:vmware:app_volumes:2006
- cpe:2.3:a:vmware:app_volumes:4
- cpe:2.3:a:vmware:remote_console:12.0.0
-