A security flaw identified in VMware Tools could lead to local privilege escalation attacks. A remote attacker with initial access can steal sensitive data and take complete control over virtual machines. The flaw has a CVSS score of 7.0 and is tracked as CVE-2022-31676.
VMware Tools is a tool collection to assist and improve Guest operating systems and user management in VM. Access to Guest OS is frequently required, so the vulnerability is considered important.
The previous security patch from VMware, made available earlier this month, had also addressed critical vulnerabilities that could lead to local privilege escalation.
According to VMware’s security advisory, a threat actor that has obtained local non-administrative access to the Guest OS -by RDP or by using the VMware virtual console interface- can exploit CVE-2022-31676 to gain root user privileges within the virtual machine.
How to Mitigate?
VMware has provided security updates to remediate the vulnerability in VMware Tools. It is advised to apply the updates as there are no workarounds for the vulnerability.
Fixed versions are as below:
- For version 10.x.x on Linux, update to 10.3.25
- For versions 11.x.x and 12.x.x on Linux, update to 12.1.0
- For versions 10.x.x, 11.x.x and 12.x.x on Windows, update to 12.1.0
Behavior detection and insider threat solutions should be implemented to track credential abuse.