—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.2209
VMSA-2021-0013 – VMware Tools, VMRC and VMware App Volumes
updates addresses a local privilege escalation
23 June 2021
===========================================================================
AusCERT Security Bulletin Summary
———————————
Product: VMware Tools for Windows
VMRC for Windows
App Volumes
Publisher: VMWare
Operating System: Windows
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Increased Privileges — Existing Account
Reduced Security — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-21999
Original Bulletin:
https://www.vmware.com/security/advisories/VMSA-2021-0013.html
– ————————–BEGIN INCLUDED TEXT——————–
Important
Advisory ID: VMSA-2021-0013
CVSSv3 Range: 7.8
Issue Date: 2021-06-22
Updated On: 2021-06-22 (Initial Advisory)
CVE(s): CVE-2021-21999
Synopsis: VMware Tools, VMRC and VMware App Volumes update addresses a local
privilege escalation vulnerability (CVE-2021-21999)
1. Impacted Products
VMware Tools for Windows
VMware Remote Console for Windows (VMRC for Windows)
VMware App Volumes
2. Introduction
A local privilege escalation vulnerability in VMware Tools for Windows, VMRC
for Windows and VMware App Volumes was privately reported to VMware. Updates
are available to remediate this vulnerability in affected VMware products.
3. VMware Tools, VMRC and VMware App Volumes update addresses a local privilege
escalation vulnerability (CVE-2021-21999)
Description
VMware Tools for Windows, VMRC for Windows and VMware App Volumes contain a
local privilege escalation vulnerability. VMware has evaluated the severity of
this issue to be in the Important severity range with a maximum CVSSv3 base score
of 7.8.
Known Attack Vectors
An attacker with normal access to a virtual machine may exploit this issue by
placing a malicious file renamed as `openssl.cnf’ in an unrestricted directory
which would allow code to be executed with elevated privileges.
Resolution
To remediate CVE-2021-21999 apply the patches listed in the ‘Fixed Version’
column of the ‘Response Matrix’ found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Zeeshan Shaikh (@bugzzzhunter) from NotSoSecure
working with Trend Micro Zero Day Initiative and Hou JingYi (@hjy79425575)
of Qihoo 360 for reporting this vulnerability to us.
Response Matrix
Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware Tools for Windows 11.x.y and prior Windows CVE-2021-21999 7.8 important 11.2.6 None None
VMRC for Windows 12.x Windows CVE-2021-21999 7.8 important 12.0.1 None None
App Volumes 4 Windows CVE-2021-21999 7.8 important 2103 None None
App Volumes 2.x Windows CVE-2021-21999 7.8 important 2.18.10 None None
4. References
Fixed Version(s) and Release Notes:
VMware Tools for Windows 11.2.6
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/info/slug/datacenter_cloud_infrastructure/vmware_tools/11_x
https://docs.vmware.com/en/VMware-Tools/11.2/rn/VMware-Tools-1126-Release-Notes.html
VMware Remote Console for Windows 12.0.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=VMRC1201&productId=974
https://docs.vmware.com/en/VMware-Remote-Console/12.0/rn/VMware-Remote-Console-1201-Release-Notes.html
VMware App Volumes 4 2103
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-440-ADV&productId=961&rPId=65809
https://docs.vmware.com/en/VMware-App-Volumes/2103/rn/VMware-App-Volumes-4-version-2103.html
VMware App Volumes 2.18.10
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-21810&productId=534&rPId=63696
https://docs.vmware.com/en/VMware-App-Volumes/2.18.10/rn/VMware-App-Volumes-21810-Release-Notes.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21999
FIRST CVSSv3 Calculator:
CVE-2021-21999: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Change Log
2021-06-22 VMSA-2021-0013
Initial security advisory.
– ————————–END INCLUDED TEXT——————–
You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYNKND+NLKJtyKPYoAQhFLxAAh67vrXdUEAMMUe30yrSvUiGslEeJw3OR
20uJsWQltgE80PtsKhM1sSECVOLVFhplEq39Qoqcnynd8FMfNItAyuz43iZTUHvB
AAztyeZOo6e6BU1k+NrJnvt2UUxo4R/OZzTSAtF/We3VKKmkpVxW5I0JWQwZzTZf
2yuxArzKQfNcDKyjv+V+UNTn3sWIRg/rieksGBJoChh9s5bOTfmjQxbveuC0RicJ
bJBDi6Ju9cCxOgBgPmlQxnU4e35fh0OWlwJjAVyTbDME0AIQWBy6xc8bhWTBIgr7
LIZkCjaESUmIcUI7BkAVgJVBbqqMF6gYYOxDDphqhfIHqq66+sjDRpPWGZmXeTKg
40v8N8FjqwsAr7vc7PK9WneY4pDuzdkZHlH/XjyP/ML0TozDFzHfkccsLzLzhYIB
s32hdlGGLvYD08szjQgHas/XAEFIiOpx49an2uMThFmJbfQGAl8+LouvZKxqyZ02
OI78txwUJyWjkOashSv/R48cx8/aJpUySZLpdybfsjgnXHPeIN5/SUJZ2Ye/blKR
9sVc+yH7uLgy/IoTfzVkuCnViEo3YwbMvSqPn8bvNA5sbmanf8f+vlz/KmV6/Rbn
5l0iyJNHGb2LKakCokdZnC74T61vR0YVBuzLLjpx+moo4kWlvRXIRgBSYMWXosPg
mlEQd/iOp78=
=xLlC
—–END PGP SIGNATURE—–
The post ESB-2021.2209 – [Win] VMware Products for Windows: Multiple vulnerabilities appeared first on Malware Devil.
https://malwaredevil.com/2021/06/23/esb-2021-2209-win-vmware-products-for-windows-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2209-win-vmware-products-for-windows-multiple-vulnerabilities
No comments:
Post a Comment