VMSA-2021-0013:VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability
1. Impacted Products
- VMware Tools for Windows (VMware Tools)
- VMware Remote Console for Windows (VMRC for Windows)
- VMware App Volumes
2. Introduction
A local privilege escalation vulnerability in VMware Tools for Windows, VMRC for Windows and VMware App Volumes was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
3. VMware Tools, VMRC and VMware App Volumes update addresses a local privilege escalation vulnerability (CVE-2021-21999)
Description
VMware Tools for Windows, VMRC for Windows and VMware App Volumes contain a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors
An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges.
Resolution
To remediate CVE-2021-21999 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Zeeshan Shaikh (@bugzzzhunter) from NotSoSecure working with Trend Micro Zero Day Initiative and Hou JingYi (@hjy79425575) of Qihoo 360 for reporting this vulnerability to us.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| VMware Tools | 11.3.0 | Any | CVE-2021-21999 | N/A | N/A | Unaffected | N/A | N/A |
| VMware Tools | 11.x.y | Windows | CVE-2021-21999 | important | 11.2.6 | None | None | |
| VMware Tools | 10.x.y | Any | CVE-2021-21999 | N/A | N/A | Unaffected | N/A | N/A |
| VMRC for Windows | 12.x | Windows | CVE-2021-21999 | important | 12.0.1 | None | None | |
| App Volumes | 4 | Windows | CVE-2021-21999 | important | 2103 | None | None | |
| App Volumes | 2.x | Windows | CVE-2021-21999 | important | 2.18.10 | None | None |
4. References
Fixed Version(s) and Release Notes:
VMware Tools for Windows 11.2.6
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/info/slug/datacenter_cloud_infrastructure/vmware_tools/11_x
https://docs.vmware.com/en/VMware-Tools/11.2/rn/VMware-Tools-1126-Release-Notes.html
VMware Remote Console for Windows 12.0.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=VMRC1201&productId=974
https://docs.vmware.com/en/VMware-Remote-Console/12.0/rn/VMware-Remote-Console-1201-Release-Notes.html
VMware App Volumes 4 2103
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-440-ADV&productId=961&rPId=65809
https://docs.vmware.com/en/VMware-App-Volumes/2103/rn/VMware-App-Volumes-4-version-2103.html
VMware App Volumes 2.18.10
Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-21810&productId=534&rPId=63696
https://docs.vmware.com/en/VMware-App-Volumes/2.18.10/rn/VMware-App-Volumes-21810-Release-Notes.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21999
FIRST CVSSv3 Calculator:
CVE-2021-21999: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Change Log
2021-06-22 VMSA-2021-0013
Initial security advisory.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2021 VMware Inc. All rights reserved.