
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN335
_____________________________________________________________________

DATE                : 23/06/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running
                     VMware Tools for Windows versions prior to 11.2.6,
                     VMRC for Windows versions prior to 12.0.1,
                     App Volumes versions prior to 2103, 2.18.10.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2021-0013.html
_____________________________________________________________________


Important


Advisory ID:       VMSA-2021-0013
CVSSv3 Range:      7.8
Issue Date:        2021-06-22
Updated On:        2021-06-22 (Initial Advisory)
CVE(s):            CVE-2021-21999


Synopsis:
VMware Tools, VMRC and VMware App Volumes update addresses a local
privilege escalation vulnerability (CVE-2021-21999)


1. Impacted Products

    VMware Tools for Windows
    VMware Remote Console for Windows (VMRC for Windows)
    VMware App Volumes


2. Introduction

A local privilege escalation vulnerability in VMware Tools for Windows,
VMRC for Windows and VMware App Volumes was privately reported to
VMware. Updates are available to remediate this vulnerability in
affected VMware products.


3. VMware Tools, VMRC and VMware App Volumes update addresses a local
privilege escalation vulnerability (CVE-2021-21999)

Description

VMware Tools for Windows, VMRC for Windows and VMware App Volumes
contain a local privilege escalation vulnerability. VMware has evaluated
the severity of this issue to be in the Important severity range with a
maximum CVSSv3 base score of 7.8.

Known Attack Vectors

An attacker with normal access to a virtual machine may exploit this
issue by placing a malicious file renamed as 'openssl.cnf' in an
unrestricted directory, which would allow code to be executed with
elevated privileges.


Resolution

To remediate CVE-2021-21999 apply the patches listed in the 'Fixed
Version' column of the 'Response Matrix' found below.


Workarounds

None.


Additional Documentation

None.


Notes

None.


Acknowledgements

VMware would like to thank Zeeshan Shaikh (@bugzzzhunter) from
NotSoSecure working with Trend Micro Zero Day Initiative and Hou JingYi
(@hjy79425575) of Qihoo 360 for reporting this vulnerability to us.


Response Matrix

Product                   Version           Running On  CVE Identifier  CVSSv3  Severity   Fixed Version  Workarounds  Additional Documentation

VMware Tools for Windows  11.x.y and prior  Windows     CVE-2021-21999  7.8     important  11.2.6         None         None

VMRC for Windows          12.x              Windows     CVE-2021-21999  7.8     important  12.0.1         None         None

App Volumes               4                 Windows     CVE-2021-21999  7.8     important  2103           None         None

App Volumes               2.x               Windows     CVE-2021-21999  7.8     important  2.18.10        None         None
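
Added example (not part of the VMware advisory or the CERT-Renater note): a
triage of an installed-software inventory against the Response Matrix above.
The product labels, the inventory rows and the rule that a bare four-digit
version belongs to the App Volumes 4 line are assumptions made for this sketch.

```python
import re

# Fixed versions copied from the Response Matrix of VMSA-2021-0013.
FIXED = {
    "VMware Tools": (11, 2, 6),
    "VMRC": (12, 0, 1),
    "App Volumes 2.x": (2, 18, 10),
    "App Volumes 4": (2103,),
}

def parse_version(text):
    """'11.2.5.1000' -> (11, 2, 5, 1000); None if not dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", text.strip()):
        return None
    return tuple(int(part) for part in text.strip().split("."))

def matrix_row(product, ver):
    """Select the matrix row; App Volumes has two release lines."""
    if product != "App Volumes":
        return product if product in FIXED else None
    if len(ver) == 1 and ver[0] >= 1000:  # assumption: 4.x reports e.g. '2103'
        return "App Volumes 4"
    if ver[0] == 2:
        return "App Volumes 2.x"
    return None

def triage(product, os_name, version):
    """Return 'out-of-scope', 'affected', 'fixed' or 'review'."""
    if os_name.lower() != "windows":  # the matrix lists Windows only
        return "out-of-scope"
    ver = parse_version(version)
    row = matrix_row(product, ver) if ver else None
    if row is None:
        return "review"  # unknown product or version format: check by hand
    width = max(len(ver), len(FIXED[row]))
    pad = lambda v: v + (0,) * (width - len(v))  # '12.0' compares as 12.0.0
    return "affected" if pad(ver) < pad(FIXED[row]) else "fixed"

# Constructed inventory: (host, product, OS, installed version).
INVENTORY = [
    ("vdi-01", "VMware Tools", "Windows", "11.2.5.1000"),
    ("web-07", "VMware Tools", "Linux", "11.2.5"),
    ("avm-01", "App Volumes", "Windows", "2012"),
    ("avm-02", "App Volumes", "Windows", "2.18.10"),
]

if __name__ == "__main__":
    for host, product, os_name, version in INVENTORY:
        print(host, product, version, triage(product, os_name, version))
```

Rows that come back as 'review' have a version string the matrix cannot be
matched against and should be checked by hand rather than assumed fixed.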


4. References

Fixed Version(s) and Release Notes:



VMware Tools for Windows 11.2.6

Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/info/slug/datacenter_cloud_infrastructure/vmware_tools/11_x
https://docs.vmware.com/en/VMware-Tools/11.2/rn/VMware-Tools-1126-Release-Notes.html


VMware Remote Console for Windows 12.0.1

Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=VMRC1201&productId=974
https://docs.vmware.com/en/VMware-Remote-Console/12.0/rn/VMware-Remote-Console-1201-Release-Notes.html



VMware App Volumes 4 2103

Downloads and Documentation:
https://my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-440-ADV&productId=961&rPId=65809
https://docs.vmware.com/en/VMware-App-Volumes/2103/rn/VMware-App-Volumes-4-version-2103.html



VMware App Volumes 2.18.10

Downloads and Documentation:

https://my.vmware.com/web/vmware/downloads/details?downloadGroup=AV-21810&productId=534&rPId=63696
https://docs.vmware.com/en/VMware-App-Volumes/2.18.10/rn/VMware-App-Volumes-21810-Release-Notes.html


Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21999


FIRST CVSSv3 Calculator:
CVE-2021-21999:
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


5. Change Log

2021-06-22 VMSA-2021-0013
Initial security advisory.


6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce



This Security Advisory is posted to the following lists:

security-announce@lists.vmware.com

bugtraq@securityfocus.com
fulldisclosure@seclists.org


E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055


VMware Security Advisories
https://www.vmware.com/security/advisories


VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html


VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html


VMware Security & Compliance Blog
https://blogs.vmware.com/security



Twitter
https://twitter.com/VMwareSRC



Copyright 2021 VMware Inc. All rights reserved.

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



