Skip to main content
In light of recent global events, there is a heightened risk of cyber-attacks. We urge local organisations to exercise additional vigilance when monitoring IT infrastructure. Please report suspicious activity to us via our Cyber Concerns Reporting Tool.

Overview

VMware has released a security update to address a vulnerability (CVE-2022-31676) in VMware Tools.

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains the local privilege escalation vulnerability CVE-2022-31676.  This could allow a malicious actor (with local non-administrative access to the Guest OS) to escalate privileges as a root user in the virtual machine, therefore granting further access and opening the machine to malware and further exploitation.

The severity of this issue is in the Important severity range with a maximum CVSSv3 base score of 7.0.

Recommended Action

  • Affected organisations are required to review VMware's security advisory below
  • The affected product should be updated as soon as possible.

VMSA-2022-0024

 

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.

Topics

  • Advisory
  • Vulnerability
  • Exploit
  • Patches and Updates