VMSA-2021-0013

Important

Advisory ID:
VMSA-2021-0013

CVSSv3 Range:
7.8

Issue Date:
2021-06-22

Updated On:
2021-06-22 (Initial Advisory)

CVE(s):
CVE-2021-21999

Synopsis:
VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability (CVE-2021-21999)

1. Impacted Products

VMware Tools for Windows
VMware Remote Console for Windows (VMRC for Windows)
VMware App Volumes

2. Introduction

A local privilege escalation vulnerability in VMware Tools for Windows, VMRC for Windows and VMware App Volumes was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

3. VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability (CVE-2021-21999)

Description

VMware Tools for Windows, VMRC for Windows and VMware App Volumes contain a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

Known Attack Vectors

An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as 'openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.

Resolution

To remediate CVE-2021-21999 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Zeeshan Shaikh (@bugzzzhunter) from NotSoSecure working with Trend Micro Zero Day Initiative and Hou JingYi (@hjy79425575) of Qihoo 360 for reporting this vulnerability to us.

Response Matrix

Product           Version  Running On  CVE Identifier  CVSSv3  Severity   Fixed Version  Workarounds  Additional Documentation
VMware Tools      11.3.0   Any         CVE-2021-21999  N/A     N/A        Unaffected     N/A          N/A
VMware Tools      11.x.y   Windows     CVE-2021-21999  7.8     Important  11.2.6         None         None
VMware Tools      10.x.y   Any         CVE-2021-21999  N/A     N/A        Unaffected     N/A          N/A
VMRC for Windows  12.x     Windows     CVE-2021-21999  7.8     Important  12.0.1         None         None
App Volumes       4        Windows     CVE-2021-21999  7.8     Important  2103           None         None
App Volumes       2.x      Windows     CVE-2021-21999  7.8     Important  2.18.10        None         None
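The Response Matrix above is what an administrator sweeps an inventory against. The following is an added triage helper, not VMware's code: it encodes the matrix rows as version-range checks so a list of installed VMware Tools, VMRC and App Volumes versions can be classified offline. One assumption not stated in the advisory: App Volumes 4 releases are identified by their YYMM release number (for example 2103), so the "4" row is compared numerically against 2103.

```python
import re
from typing import Optional, Tuple

# Fixed versions from the Response Matrix of VMSA-2021-0013 (CVE-2021-21999).
TOOLS_FIXED, VMRC_FIXED = (11, 2, 6), (12, 0, 1)
APPVOL2_FIXED, APPVOL4_FIXED = (2, 18, 10), (2103,)


def parse_version(version: str) -> Tuple[int, ...]:
    """'11.2.5 build-17337674' -> (11, 2, 5); parsing stops at a non-numeric suffix."""
    parts = []
    for piece in version.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):
            break
    return tuple(parts)


def assess(product: str, version: str, platform: str = "Windows") -> Tuple[bool, Optional[str]]:
    """Return (affected, fixed_version) for one installed component.

    product is 'VMware Tools', 'VMRC for Windows' or 'App Volumes'.
    The matrix lists only Windows installs as affected.
    """
    v = parse_version(version)
    if not v:
        raise ValueError(f"unparseable version {version!r}")
    if platform != "Windows":
        return False, None
    if product == "VMware Tools":
        # 11.3.0 and the 10.x.y line are Unaffected; 11.x.y below 11.2.6 needs the fix.
        return (True, "11.2.6") if v[0] == 11 and v < TOOLS_FIXED else (False, None)
    if product == "VMRC for Windows":
        return (True, "12.0.1") if v[0] == 12 and v < VMRC_FIXED else (False, None)
    if product == "App Volumes":
        if v[0] == 2:  # 2.x line
            return (True, "2.18.10") if v < APPVOL2_FIXED else (False, None)
        if v[0] >= 2000:  # assumption: App Volumes 4 reported as its YYMM release number
            return (True, "2103") if v < APPVOL4_FIXED else (False, None)
        raise ValueError("App Volumes 4 must be given as its YYMM release, e.g. 2103")
    raise ValueError(f"unknown product {product!r}")
```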

4. References

Fixed Version(s) and Release Notes:

VMware Tools for Windows 11.2.6
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/info/slug/datacenter_cloud_infrastructure/vmware_tools/11_x
https://docs.vmware.com/en/VMware-Tools/11.2/rn/VMware-Tools-1126-Release-Notes.html

VMware Remote Console for Windows 12.0.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=VMRC1201&productId=974
https://docs.vmware.com/en/VMware-Remote-Console/12.0/rn/VMware-Remote-Console-1201-Release-Notes.html

VMware App Volumes 4 2103
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-440-ADV&productId=961&rPId=65809
https://docs.vmware.com/en/VMware-App-Volumes/2103/rn/VMware-App-Volumes-4-version-2103.html

VMware App Volumes 2.18.10
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-21810&productId=534&rPId=63696
https://docs.vmware.com/en/VMware-App-Volumes/2.18.10/rn/VMware-App-Volumes-21810-Release-Notes.html

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21999

FIRST CVSSv3 Calculator:
CVE-2021-21999: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change Log

2021-06-22 VMSA-2021-0013 Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org

E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security
 
Copyright 2021 VMware Inc. All rights reserved.