exploitDog

CVE-2023-20867

Published: 13 Jun 2023
Source: redhat
CVSS3: 3.9

Description

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity.

Report

Given the requirement that an attacker must have root access over ESXi to exploit the vulnerability, it is recommended to review access policies based on security best practices.

Additional information

Status: Low
Defect: CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=2213087
open-vm-tools: authentication bypass vulnerability in the vgauth module

3.9 Low

CVSS3

Related vulnerabilities

CVSS3: 3.9
ubuntu
about 2 years ago

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

CVSS3: 3.9
nvd
about 2 years ago

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

CVSS3: 3.9
debian
about 2 years ago

A fully compromised ESXi host can force VMware Tools to fail to authen ...

suse-cvrf
almost 2 years ago

Security update for open-vm-tools

suse-cvrf
about 2 years ago

Security update for open-vm-tools
