CVE-2022-31676

Published: Aug 23, 2022Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

Affected (8)

Products: Vmware: Tools · Debian: Debian Linux · Fedoraproject: Fedora · +1 more

Show all products

Vmware: Tools · Debian: Debian Linux · Fedoraproject: Fedora · Netapp: Ontap Select Deploy Administration Utility

1 product

1 product

1 product

1 product

Ontap Select Deploy Administration Utility

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vmware Tools	From 10.0.0 to 12.1.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Configuration B

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Vmware Tools	From 10.0.0 to 10.3.25
Vmware Tools	From 11.0.0 to 12.1.0

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 36
Fedoraproject Fedora	Version 37

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Netapp Ontap Select Deploy Administration Utility	All versions

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (18)

http://www.openwall.com/lists/oss-security/2022/08/23/3

Source: security@vmware.com

Mailing ListPatchRelease NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/08/msg00013.html

Source: security@vmware.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76/

Source: security@vmware.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z/

Source: security@vmware.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW/

Source: security@vmware.com

https://security.gentoo.org/glsa/202210-27

Source: security@vmware.com

Third Party Advisory

https://security.netapp.com/advisory/ntap-20221017-0003/

Source: security@vmware.com

Third Party Advisory

https://www.debian.org/security/2022/dsa-5215

Source: security@vmware.com

Third Party Advisory

https://www.vmware.com/security/advisories/VMSA-2022-0024.html

Source: security@vmware.com

Release NotesVendor Advisory

http://www.openwall.com/lists/oss-security/2022/08/23/3