What is the severity of CVE-2021-21999?

CVE-2021-21999 has a severity rating of 7.8, which is considered high.

Which software is affected by CVE-2021-21999?

VMware Workstation, VMware App Volumes, VMware Remote Console, and VMware Tools are affected by CVE-2021-21999.

How can I fix CVE-2021-21999?

Update to the latest version of VMware Workstation or apply the patches provided by VMware.

Vulnerability/
CVE-2021-21999

high

7.8

CWE

427

23/6/2021

3/8/2024

CVE-2021-21999: VMware Workstation Tools Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Q: What is CVE-2021-21999?

CVE-2021-21999 is a vulnerability that allows local attackers to escalate privileges on affected installations of VMware Workstation.

First published: Wed Jun 23 2021(Updated: )

This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VGAuthService service. The issue results from the lack of proper validation of a user-supplied OpenSSL configuration file prior to using it. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.

Credit: security@vmware.com

Affected Software	Affected Version	How to fix
VMware App Volumes	>=2.0<2.18.10
VMware App Volumes	>=4<2103
Vmware Remote Console	>=12.0.0<12.0.1
Vmware Tools	>=11.0.0<11.2.6
VMware Workstation

Remedy

https://www.vmware.com/security/advisories/VMSA-2021-0013.html

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-21999?
CVE-2021-21999 is a vulnerability that allows local attackers to escalate privileges on affected installations of VMware Workstation.
How can this vulnerability be exploited?
An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
What is the severity of CVE-2021-21999?
CVE-2021-21999 has a severity rating of 7.8, which is considered high.
Which software is affected by CVE-2021-21999?
VMware Workstation, VMware App Volumes, VMware Remote Console, and VMware Tools are affected by CVE-2021-21999.
How can I fix CVE-2021-21999?
Update to the latest version of VMware Workstation or apply the patches provided by VMware.

agent/references
agent/type
agent/title
agent/weakness
agent/severity
agent/remedy
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
agent/event
collector/zdi-advisory
source/ZDI
alias/ZDI-21-754
alias/ZDI-CAN-13068
alias/CVE-2021-21999
agent/software-canonical-lookup
vendor/vmware
canonical/vmware app volumes
version/vmware app volumes/2.0
version/vmware app volumes/4
canonical/vmware remote console
version/vmware remote console/12.0.0
canonical/vmware tools
version/vmware tools/11.0.0
canonical/vmware workstation

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.