CVE-2023-20867 - OpenCVE

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Attack Vector Local

Attack Complexity High

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Vmware	Tools

Configuration 1 [-]

cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:10.0:::::::*
	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:debian:debian_linux:12.0:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:fedoraproject:fedora:37:::::::*
	cpe:2.3:o:fedoraproject:fedora:38:::::::*
	cpe:2.3:o:fedoraproject:fedora:39:::::::*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/10/16/11	Mailing List Patch
http://www.openwall.com/lists/oss-security/2023/10/16/2	Mailing List Patch
https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/	Mailing List Release Notes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/	Mailing List Release Notes
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/	Mailing List Release Notes
https://security.netapp.com/advisory/ntap-20230725-0001/	Third Party Advisory
https://www.debian.org/security/2023/dsa-5493	Mailing List Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2023-0013.html	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: vmware

Published: 2023-06-13T16:47:21.689Z

Updated: 2023-06-13T16:47:30.401Z

Reserved: 2022-11-01T15:41:50.390Z

Link: CVE-2023-20867

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-13T17:15:14.070

Modified: 2024-06-27T19:05:20.020

Link: CVE-2023-20867

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-20867", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2022-11-01T15:41:50.390Z", "datePublished": "2023-06-13T16:47:21.689Z", "dateUpdated": "2023-06-13T16:47:30.401Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows", "Linux"], "product": "VMware Tools", "vendor": "VMware", "versions": [{"status": "unaffected", "version": "12.2.5"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."}], "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2023-06-13T16:47:30.401Z"}, "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"}, {"url": "https://security.netapp.com/advisory/ntap-20230725-0001/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"}, {"url": "https://www.debian.org/security/2023/dsa-5493"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"}, {"url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"}], "source": {"advisory": "VMSA-2023-0013", "discovery": "EXTERNAL"}, "title": "VMware Tools Authentication Bypass Vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"cisaActionDue": "2023-07-14", "cisaExploitAdd": "2023-06-23", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "VMware Tools Authentication Bypass Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E0027C7-536C-42DC-A0FA-7215968B3E1B", "versionEndExcluding": "12.2.5", "versionStartIncluding": "10.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine."}, {"lang": "es", "value": "Un host ESXi totalmente comprometido puede obligar a VMware Tools a no poder autenticar las operaciones de host a invitado, lo que afecta la confidencialidad y la integridad de la m\u00e1quina virtual invitada."}], "id": "CVE-2023-20867", "lastModified": "2024-06-27T19:05:20.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.9, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 2.7, "source": "security@vmware.com", "type": "Secondary"}]}, "published": "2023-06-13T17:15:14.070", "references": [{"source": "security@vmware.com", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2023/10/16/11"}, {"source": "security@vmware.com", "tags": ["Mailing List", "Patch"], "url": "http://www.openwall.com/lists/oss-security/2023/10/16/2"}, {"source": "security@vmware.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"}, {"source": "security@vmware.com", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"}, {"source": "security@vmware.com", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"}, {"source": "security@vmware.com", "tags": ["Mailing List", "Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"}, {"source": "security@vmware.com", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20230725-0001/"}, {"source": "security@vmware.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5493"}, {"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2023-0013.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-287"}], "source": "security@vmware.com", "type": "Secondary"}]}