Lucene search

VMwareVMSA-2021-0013

HistoryJun 22, 2021 - 12:00 a.m.

VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability (CVE-2021-21999)

2021-06-2200:00:00

www.vmware.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

14.6%

JSON

3. VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability (CVE-2021-21999)

VMware Tools for Windows, VMRC for Windows and VMware App Volumes contain a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

CPENameOperatorVersion
vmware toolslt11.2.6
vmrc for windowslt12.0.1
app volumeslt2103
app volumeslt2.18.10

Name	Operator	Version
vmware tools	lt	11.2.6
vmrc for windows	lt	12.0.1
app volumes	lt	2103
app volumes	lt	2.18.10

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21999

docs.vmware.com/en/VMware-App-Volumes/2.18.10/rn/VMware-App-Volumes-21810-Release-Notes.html

docs.vmware.com/en/VMware-App-Volumes/2103/rn/VMware-App-Volumes-4-version-2103.html

docs.vmware.com/en/VMware-Remote-Console/12.0/rn/VMware-Remote-Console-1201-Release-Notes.html

docs.vmware.com/en/VMware-Tools/11.2/rn/VMware-Tools-1126-Release-Notes.html

my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-21810&productId=534&rPId=63696

my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-440-ADV&productId=961&rPId=65809

my.vmware.com/web/vmware/downloads/details?downloadGroup=VMRC1201&productId=974

my.vmware.com/web/vmware/downloads/info/slug/datacenter_cloud_infrastructure/vmware_tools/11_x

www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

14.6%

JSON

Related for VMSA-2021-0013