CVE-2023-20867
VMware Tools Authentication Bypass Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
YesDecision
Descriptions
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la máquina virtual invitada.
A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity.
VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-01 CVE Reserved
- 2023-06-13 CVE Published
- 2023-06-23 Exploited in Wild
- 2023-07-14 KEV Due Date
- 2024-08-02 CVE Updated
- 2024-11-10 EPSS Updated
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
- CAPEC-115: Authentication Bypass
References (11)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2023/10/16/11 | 2024-06-27 | |
| http://www.openwall.com/lists/oss-security/2023/10/16/2 | 2024-06-27 | |
| https://www.vmware.com/security/advisories/VMSA-2023-0013.html | 2024-06-27 |
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2023-20867 | 2023-06-29 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2213087 | 2023-06-29 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Tools Search vendor "Vmware" for product "Tools" | >= 10.3.0 < 12.2.5 Search vendor "Vmware" for product "Tools" and version " >= 10.3.0 < 12.2.5" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 11.0 Search vendor "Debian" for product "Debian Linux" and version "11.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 12.0 Search vendor "Debian" for product "Debian Linux" and version "12.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 37 Search vendor "Fedoraproject" for product "Fedora" and version "37" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 38 Search vendor "Fedoraproject" for product "Fedora" and version "38" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 39 Search vendor "Fedoraproject" for product "Fedora" and version "39" | - |
Affected
| ||||||