Rewterz Threat Advisory – CVE-2021-1306 – Cisco Application Deployment Engine Operating System Local File Inclusion Vulnerability
June 22, 2021Rewterz Threat Alert – DarkRadiation using Bash Ransomware – Active IOCs
June 23, 2021Rewterz Threat Advisory – CVE-2021-1306 – Cisco Application Deployment Engine Operating System Local File Inclusion Vulnerability
June 22, 2021Rewterz Threat Alert – DarkRadiation using Bash Ransomware – Active IOCs
June 23, 2021Severity
High
Analysis Summary
CVE-2021-21999
VMware Tools for Windows, VMRC for Windows, and VMware App Volumes could allow a locally authenticated attacker to gain elevated privileges on the system. By placing a malicious file renamed as `openssl.cnf’ in an unrestricted directory, an attacker could exploit this vulnerability to execute arbitrary code on the system with elevated privileges.VMware Tools for Windows,
Impact
- Gain Privileges
Affected Vendors
- VMware App
- VMware Tools
- VMware VMRC
Affected Products
- VMware App Volumes 2.0
- VMware App Volumes 4.0
- VMware Tools for Windows 11.0
- VMware VMRC for Windows 12.0
Remediation
Refer to VMware Security Advisory VMSA-2021-0013 for the patch, upgrade, or suggested workaround information.
https://www.vmware.com/security/advisories/VMSA-2021-0013.html