CVE-2021-21999 – VMware Workstation Tools Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

https://notcve.org/view.php?id=CVE-2021-21999

23 Jun 2021 — VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges. VMware Tools para Windows (versiones 11.x.y anteriores a 11.2.6), V... • https://www.vmware.com/security/advisories/VMSA-2021-0013.html • CWE-427: Uncontrolled Search Path Element •