CVE-2022-22977
highCVSS v3 Base Score
7.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 88% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Confidentiality
High
Integrity
None
Availability
High
Vulnerability Report
Generated by CyberWatcher
Description
VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CWE
CWE-611Affected Products
vmware tools