Skip to main content

CVE-2009-1143: n/a in n/a

High
VulnerabilityCVE-2009-1143cvecve-2009-1143n-acwe-59
Published: Wed Nov 23 2022 (11/23/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can bypass intended access restrictions on mounting shares via a symlink attack that leverages a realpath race condition in mount.vmhgfs (aka hgfsmounter).

AI-Powered Analysis

AILast updated: 06/22/2025, 06:37:51 UTC

Technical Analysis

CVE-2009-1143 is a high-severity local privilege escalation vulnerability affecting open-vm-tools version 2009.03.18-154848. The vulnerability arises from a race condition in the mount.vmhgfs (also known as hgfsmounter) utility, which is responsible for mounting VMware shared folders within guest virtual machines. Specifically, the issue is a symlink attack exploiting a realpath race condition: a local user can manipulate symbolic links during the path resolution process to bypass intended access restrictions on mounting shared folders. This allows the attacker to mount arbitrary shares or directories that should otherwise be inaccessible, potentially leading to unauthorized access to sensitive data or modification of files. The vulnerability is classified under CWE-59 (Improper Link Resolution Before File Access), indicating a failure to securely handle symbolic links during file system operations. The CVSS 3.1 base score is 7.0, reflecting high severity, with the vector AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H. This means the attack requires local access, low privileges, and high attack complexity, but no user interaction. The impact on confidentiality, integrity, and availability is high, as the attacker can gain unauthorized access and potentially modify or disrupt shared resources. No patches or vendor-specific mitigations are listed in the provided data, and no known exploits in the wild have been reported. The vulnerability was reserved in 2009 but published in 2022, indicating it affects legacy or older versions of open-vm-tools, which are commonly used in VMware virtualized environments to enhance guest OS integration and performance.

Potential Impact

For European organizations, the impact of CVE-2009-1143 can be significant in environments utilizing VMware virtualization with open-vm-tools installed on guest systems, especially if legacy versions are still in use. Successful exploitation allows a local attacker within a guest VM to escalate privileges or bypass access controls on shared folders, potentially exposing sensitive corporate data or enabling further lateral movement within the virtualized infrastructure. This could compromise confidentiality by unauthorized data access, integrity by unauthorized modification of files, and availability if critical shared resources are disrupted. Organizations relying on VMware virtualization for critical workloads, including financial institutions, government agencies, and enterprises with sensitive intellectual property, are at risk if they have not updated or mitigated this vulnerability. The threat is more pronounced in multi-tenant or shared hosting environments where multiple users have local access to guest VMs, increasing the likelihood of malicious insiders or compromised accounts exploiting this flaw.

Mitigation Recommendations

Upgrade open-vm-tools to the latest available version where this vulnerability is addressed. Since the affected version is from 2009, ensure that all guest VMs run current, supported versions of open-vm-tools. Implement strict access controls and monitoring on guest virtual machines to limit local user privileges and detect suspicious activities related to mounting shared folders. Disable or restrict the use of VMware shared folders (hgfs) in environments where they are not essential, thereby reducing the attack surface. Apply host-level security controls to isolate guest VMs and prevent lateral movement in case of compromise. Regularly audit and verify symbolic link handling and file system permissions within guest VMs to detect potential exploitation attempts. In environments where legacy systems must be maintained, consider compensating controls such as application whitelisting, enhanced logging, and network segmentation to mitigate risk. Educate system administrators and security teams about the risks associated with outdated virtualization tools and the importance of timely patching.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
mitre
Date Reserved
2009-03-25T00:00:00.000Z
Cisa Enriched
true

Threat ID: 682d983ec4522896dcbefb83

Added to database: 5/21/2025, 9:09:18 AM

Last enriched: 6/22/2025, 6:37:51 AM

Last updated: 7/26/2025, 12:15:02 AM

Views: 8

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats