CVE-2022-22943
MEDIUMVMware Tools 10.0.0-11.x.y - Uncontrolled Search Path Element
Title source: llmDescription
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.vmware.com/security/advisories/VMSA-2022-0007.html
Scores
CVSS v3
6.7
EPSS
0.0012
EPSS Percentile
30.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
vmware/tools
10.0.0 - 12.0.0
Published
Mar 03, 2022
Tracked Since
Feb 18, 2026