Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-31676

Published: 23/08/2022 Updated: 07/11/2023
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Vmware

Vulnerability Summary

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware tools

debian debian linux 10.0

debian debian linux 11.0

fedoraproject fedora 36

fedoraproject fedora 37

netapp ontap select deploy administration utility -

Vendor Advisories

Debian CVElist Bug Report Logs: open-vm-tools: CVE-2022-31676: local privilege escalation
Debian Bug report logs - #1018012 open-vm-tools: CVE-2022-31676: local privilege escalation Package: src:open-vm-tools; Maintainer for src:open-vm-tools is Bernd Zeimetz <bzed@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 24 Aug 2022 07:21:02 UTC Severity: grave Tags: fixed-upstream, s ...
Debian Security Advisories: DSA-5215-1 open-vm-tools -- security update
A vulnerability was discovered in open-vm-tools, an open source implementation of VMware Tools, allowing an unprivileged local guest user to escalate their privileges as root user in the virtual machine For the stable distribution (bullseye), this problem has been fixed in version 2:1125-2+deb11u1 We recommend that you upgrade your open-vm-tool ...
Red Hat: Important: open-vm-tools security update
Synopsis Important: open-vm-tools security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for open-vm-tools is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Secur ...
Red Hat: Important: open-vm-tools security update
Synopsis Important: open-vm-tools security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for open-vm-tools is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update ...
Red Hat: Important: open-vm-tools security update
Synopsis Important: open-vm-tools security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for open-vm-tools is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Pro ...
Red Hat: Important: open-vm-tools security update
Synopsis Important: open-vm-tools security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for open-vm-tools is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Secur ...
Red Hat: Important: open-vm-tools security update
Synopsis Important: open-vm-tools security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for open-vm-tools is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update ...
Red Hat: Important: open-vm-tools security update
Synopsis Important: open-vm-tools security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for open-vm-tools is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update ...
Amazon Linux 2: ALAS2-2023-2114
VMware Tools (1200, 11xy and 10xy) contains a local privilege escalation vulnerability A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine (CVE-2022-31676) ...
Red Hat:
VMware Tools (1200, 11xy and 10xy) contains a local privilege escalation vulnerability A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine ...
Palo Alto Networks Security Advisory: PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...
Palo Alto Networks Security Advisory: PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS
PAN-SA-2024-0004 Informational Bulletin: OSS CVEs fixed in PAN-OS ...
VMware Security Advisories:
Sign up for Security Advisories Stay up to date on the latest VMware Security advisories and updates ...

Github Repositories

https://github.com/johnwvmw/open-vm-tools

Fedora open-vm-tools packahing.

CVE-2022-31676 A security issue in VMware Tools and open-vm-tools has been announced by VMware in a security advisory VMSA-2022-0024 The issue has been fixed in the open-vm-tools release 1210 made on August 23, 2022 The following patches provided to the open-vm-tools community can be used to apply the security fix to previous open-vm-tools releases For releases 1205, 12

References

CWE-269https://www.vmware.com/security/advisories/VMSA-2022-0024.htmlhttp://www.openwall.com/lists/oss-security/2022/08/23/3https://www.debian.org/security/2022/dsa-5215https://lists.debian.org/debian-lts-announce/2022/08/msg00013.htmlhttps://security.netapp.com/advisory/ntap-20221017-0003/https://security.gentoo.org/glsa/202210-27https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O4TZF6QRJIDECGMEGBPXJCHZ6YC3VZ6Z/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C5VV2R4LV4T3SNQJYRLFD4C75HBDVV76/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZA63DWRW7HROTVBNRIPBJQWBYIYAQMEW/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018012https://nvd.nist.govhttps://github.com/johnwvmw/open-vm-toolshttps://www.vmware.com/security/advisories/VMSA-2022-0024.htmlhttps://www.debian.org/security/2022/dsa-5215
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32886insecure direct object referenceCVE-2024-34342file inclusionCVE-2024-34562CVE-2024-34347CVE-2024-26026CVE-2024-4647unprivileged
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook