The VMware Tools suite of utilities contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can use it to escalate privileges to root in the virtual machine.
Impact
VMware has released an advisory and rated the issue as "Important" severity, with a maximum CVSSv3 base score of 7.0. The vulnerability impacts the following VMware Tools versions: from 10.x.y (inclusive) up to 12.1.0 (exclusive) on Windows, from 11.x.y up to 12.1.0 on Linux, and from 10.x.y up to 10.3.25 on Linux. Qualys has assigned QID 376866 to the CVE and this VMware vulnerability.
DXC perspective
VMware advises applying patches and updating to VMware Tools 12.1.0 and VMware Tools 10.3.25 to remediate the vulnerability. In addition, securing your infrastructure with advanced threat protection tools helps guard against vulnerabilities.
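
A version check for triaging an inventory against the ranges listed under Impact and the fixed releases named above, as an added example that is not part of the advisory or of VMware's tooling. It assumes version strings in the form printed by `vmware-toolbox-cmd -v`; the host names and build numbers in the sample inventory are constructed.

```python
import re

# Affected ranges from the advisory text: (first affected, first fixed) per platform.
AFFECTED = {
    "windows": [((10, 0, 0), (12, 1, 0))],
    "linux": [((10, 0, 0), (10, 3, 25)), ((11, 0, 0), (12, 1, 0))],
}


def parse_version(text):
    """Extract (major, minor, patch) from e.g. '12.0.5.35655 (build-19345655)'."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def fixed_version_for(version_text, platform):
    """Return the fixed release to move to, or None if the version is not in range."""
    version = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED[platform.lower()]:
        if first_affected <= version < first_fixed:
            return ".".join(map(str, first_fixed))
    return None


def triage(inventory):
    """Map each host in an affected range to the release that remediates it."""
    findings = {}
    for host, platform, version_text in inventory:
        target = fixed_version_for(version_text, platform)
        if target:
            findings[host] = target
    return findings


# Constructed sample inventory (host names and build numbers are made up).
SAMPLE = [
    ("web01", "linux", "12.0.5.35655 (build-19345655)"),
    ("db01", "linux", "10.3.10.10540 (build-12406962)"),
    ("app01", "windows", "11.3.5.31214 (build-18557794)"),
    ("app02", "windows", "12.1.0.41216 (build-20219665)"),
    ("old01", "linux", "10.3.25.10000 (build-20000000)"),
]

if __name__ == "__main__":
    for host, target in triage(SAMPLE).items():
        print(f"{host}: update VMware Tools to {target}")
```

An unparseable version string raises `ValueError` rather than being silently treated as unaffected, so hosts with unexpected output surface for manual review.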