CVE-2021-21999

VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.

Published: Jun 23, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-21999
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-427

Affected Software
References

Software	From	Fixed in
vmware / remote_console	12.0.0	12.0.1
vmware / app_volumes	2.0	2.18.10
vmware / app_volumes	4	2103
vmware / tools	11.0.0	11.2.6

https://www.vmware.com/security/advisories/VMSA-2021-0013.html
https://www.zerodayinitiative.com/advisories/ZDI-21-754/

Vulnerability Database

289,697

CVE-2021-21999