VMware Patches Privilege Escalation affecting VMware Tools

VMware published a security advisory on August 23, 2022, addressing an important-severity vulnerability. The vulnerability, tracked as CVE-2022-31676, has a CVSS severity rating of 7.0.

According to the research, a threat actor with local non-administrative access to the guest operating system can escalate privileges to become the virtual machine's root user. Once a system has been exploited, a remote threat actor will be able to take control of it.

 

The following versions of VMware Tools are vulnerable:

  • VMware Tools for Windows: versions prior to 12.1.0, and 11.0.0 through 11.3.5
  • VMware Tools for Linux: versions 11.0.0 to 11.3.0, and versions earlier than 10.3.25

 

To address the issue, VMware published:

  • Versions 12.1.0 and 10.3.25 for Linux
  • Versions 12.1.0 and 10.3.25 for Windows

Additionally, VMware warned that no workarounds are available.

Recommendations

It’s recommended to apply the provided security patches and updates as soon as possible to mitigate potential risks.
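To find Linux guests that still need the update, the installed version reported by `vmware-toolbox-cmd -v` can be compared against the fixed releases listed above. The script below is an added example, not part of VMware's advisory; the hostnames and build numbers are constructed, and it assumes that 10.x and older installs are measured against 10.3.25 and everything newer against 12.1.0, which is a conservative reading of the version lists above.

```python
import re

# Fixed Linux releases named on this page.
FIXED_10_BRANCH = (10, 3, 25)
FIXED_CURRENT = (12, 1, 0)

# Matches the leading dotted version in output such as
# "11.3.0.11111 (build-1111111)"; the fourth field and build are ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_tools_version(output):
    """Return (major, minor, patch) from version output, or None."""
    match = _VERSION_RE.match(output)
    return tuple(int(x) for x in match.groups()) if match else None


def needs_update(version):
    """Assumption: 10.x and older are compared with 10.3.25,
    anything newer with 12.1.0 (conservative)."""
    fixed = FIXED_10_BRANCH if version[0] <= 10 else FIXED_CURRENT
    return version < fixed


def audit(inventory):
    """Map hostname -> 'update', 'ok' or 'unknown' (unparseable output)."""
    result = {}
    for host, output in inventory.items():
        version = parse_tools_version(output)
        if version is None:
            result[host] = "unknown"
        else:
            result[host] = "update" if needs_update(version) else "ok"
    return result


# Constructed inventory: hostnames and build numbers are made up.
SAMPLE = {
    "web01": "11.3.0.11111 (build-1111111)",
    "db01": "10.3.25.22222 (build-2222222)",
    "app01": "12.1.0.33333 (build-3333333)",
    "old01": "10.3.10.44444 (build-4444444)",
    "ci01": "12.0.5.55555 (build-5555555)",
    "cache01": "sh: vmware-toolbox-cmd: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Hosts reported as `unknown` returned no parseable version and need a manual check rather than being treated as patched.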

Source

https://www.vmware.com/security/advisories/VMSA-2022-0024.html
