13 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . VMware Tools contiene una vulnerabilidad de omisión de firma de token SAML. Un actor malicioso al que se le han otorgado privilegios de operación de invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una máquina virtual de destino es posible que pueda elevar sus privilegios si a esa máquina virtual de destino se le ha asignado un Alias de Invitado más privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html. A flaw was found in open-vm-tools. • http://www.openwall.com/lists/oss-security/2023/10/27/1 https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK https://www.debian.org/security/2023/ • CWE-347: Improper Verification of Cryptographic Signature CWE-1220: Insufficient Granularity of Access Control •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. VMware Tools contiene una vulnerabilidad de escalada de privilegios local. Un actor malintencionado con acceso de usuario local a una máquina virtual invitada puede elevar los privilegios dentro de la máquina virtual. • https://www.vmware.com/security/advisories/VMSA-2023-0024.html • CWE-269: Improper Privilege Management •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . Un actor malicioso al que se le han otorgado Privilegios de Operación de Invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una máquina virtual de destino es posible que pueda elevar sus privilegios si a esa máquina virtual de destino se le ha asignado un Alias de Invitado más privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/ 07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html. An improper signature verification flaw was found in open-vm-tools that may lead to a bypass of SAML token signature. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias. • http://www.openwall.com/lists/oss-security/2023/08/31/1 http://www.openwall.com/lists/oss-security/2023/10/27/1 https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message& • CWE-294: Authentication Bypass by Capture-replay CWE-347: Improper Verification of Cryptographic Signature •

CVSS: 3.9EPSS: 0%CPEs: 7EXPL: 0

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la máquina virtual invitada. A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity. • http://www.openwall.com/lists/oss-security/2023/10/16/11 http://www.openwall.com/lists/oss-security/2023/10/16/2 https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message • CWE-287: Improper Authentication •

CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0

VMware Tools for Windows (12.x.y prior to 12.1.5, 11.x.y and 10.x.y) contains a denial-of-service vulnerability in the VM3DMP driver. A malicious actor with local user privileges in the Windows guest OS, where VMware Tools is installed, can trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS. • https://security.netapp.com/advisory/ntap-20221223-0009 https://security.netapp.com/advisory/ntap-20230824-0009 https://www.vmware.com/security/advisories/VMSA-2022-0029.html •