October 3, 2023

A vulnerability in VMware Tools could pave the way for local privilege escalation (LPE) and lead to takeover of virtual machines.

Tracked as CVE-2022-31676, carries a rating of 7.0 out of 10 on the CVSS vulnerability-severity scale.”A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

It is unclear from the release whether it requires access through the VMware virtual console interface or whether a user with some form of remote access to the Guest OS, such as RDP on Windows or shell access for Linux, could exploit the vulnerability.

VMware has patched the issue, with patched-version details available in the security alert. There are no workarounds for the flaw, so admins should apply the update to avoid compromise.

The patch comes on the heels of the disclosure of a critical bug earlier this month that would allow authentication bypass for on-premises VMware implementations, to give attackers initial local access and the ability to exploit LPE vulnerabilities such as this one

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: