Vulnerability Details CVE-2022-31676
VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.8%
CVSS Severity
CVSS v3 Score 7.8
References
- http://www.openwall.com/lists/oss-security/2022/08/23/3
- https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW/
- https://security.gentoo.org/glsa/202210-27
- https://security.netapp.com/advisory/ntap-20221017-0003/
- https://www.debian.org/security/2022/dsa-5215
- https://www.vmware.com/security/advisories/VMSA-2022-0024.html
- http://www.openwall.com/lists/oss-security/2022/08/23/3
- https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW/
- https://security.gentoo.org/glsa/202210-27
- https://security.netapp.com/advisory/ntap-20221017-0003/
- https://www.debian.org/security/2022/dsa-5215
- https://www.vmware.com/security/advisories/VMSA-2022-0024.html
Products affected by CVE-2022-31676
-
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-
-
cpe:2.3:a:vmware:tools:10.0.0
-
cpe:2.3:a:vmware:tools:10.0.12
-
cpe:2.3:a:vmware:tools:10.0.5
-
cpe:2.3:a:vmware:tools:10.0.6
-
cpe:2.3:a:vmware:tools:10.0.8
-
cpe:2.3:a:vmware:tools:10.0.9
-
cpe:2.3:a:vmware:tools:10.1
-
cpe:2.3:a:vmware:tools:10.1.0
-
cpe:2.3:a:vmware:tools:10.1.10
-
cpe:2.3:a:vmware:tools:10.1.15
-
cpe:2.3:a:vmware:tools:10.1.5
-
cpe:2.3:a:vmware:tools:10.1.7
-
cpe:2.3:a:vmware:tools:10.2
-
cpe:2.3:a:vmware:tools:10.2.1
-
cpe:2.3:a:vmware:tools:10.2.5
-
cpe:2.3:a:vmware:tools:10.3.0
-
cpe:2.3:a:vmware:tools:10.3.10
-
cpe:2.3:a:vmware:tools:10.3.2
-
cpe:2.3:a:vmware:tools:10.3.20
-
cpe:2.3:a:vmware:tools:10.3.21
-
cpe:2.3:a:vmware:tools:10.3.22
-
cpe:2.3:a:vmware:tools:10.3.25
-
cpe:2.3:a:vmware:tools:10.3.26
-
cpe:2.3:a:vmware:tools:10.3.5
-
cpe:2.3:a:vmware:tools:11.0.0
-
cpe:2.3:a:vmware:tools:11.0.1
-
cpe:2.3:a:vmware:tools:11.0.5
-
cpe:2.3:a:vmware:tools:11.1.0
-
cpe:2.3:a:vmware:tools:11.1.1
-
cpe:2.3:a:vmware:tools:11.1.5
-
cpe:2.3:a:vmware:tools:11.2.0
-
cpe:2.3:a:vmware:tools:11.2.1
-
cpe:2.3:a:vmware:tools:11.2.5
-
cpe:2.3:a:vmware:tools:11.2.6
-
cpe:2.3:a:vmware:tools:11.3.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:11.0
-
cpe:2.3:o:fedoraproject:fedora:36
-
cpe:2.3:o:fedoraproject:fedora:37
-
cpe:2.3:o:linux:linux_kernel:-
-
cpe:2.3:o:microsoft:windows:-