nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

VMware Tools update OS Command Injection

JDMurray

"VMware Server Infrastructure Web Access is prone to remote command
execution vulnerability because the software fails to adequately
sanitize user-supplied input."

"When Updating the VMTools on a certain Guest Virtual Machine, a command
injection attack can be executed if specially crafted parameters are sent.
Successful attacks can compromise the affected Guest Virtual Machine
with root privileges."

VMware Tools update OS Command Injection

I'm gonna assume the same types of vulnerabilities are in the VMware VI API too.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

blargoe

Thankfully (for me), it doesn't affect Windows VM's

JDMurray

Only if you have the latest patch installed, otherwise it looks like VMware Tools is vulnerable regardless of the OS it is installed on.

azjag

JDMurray wrote: »

Only if you have the latest patch installed, otherwise it looks like VMware Tools is vulnerable regardless of the OS it is installed on.

Thanks for the heads up on this one. I'm scheduled to update "out of date" tools on about 100 guest machines this coming weekend. Might have to research alternative methods for running mass updates.