Lucene search

K
cve[email protected]CVE-2023-20867
HistoryJun 13, 2023 - 5:15 p.m.

CVE-2023-20867

2023-06-1317:15:14
CWE-287
web.nvd.nist.gov
620
In Wild
cve-2023-20867
esxi host
vmware tools
authentication failure
guest virtual machine
security vulnerability

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.005

Percentile

76.5%

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Affected configurations

NVD
Node
vmwaretoolsRange10.3.012.2.5
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
OR
debiandebian_linuxMatch12.0
Node
fedoraprojectfedoraMatch37
OR
fedoraprojectfedoraMatch38
OR
fedoraprojectfedoraMatch39
CPENameOperatorVersion
vmware:toolsvmware toolslt12.2.5

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows",
      "Linux"
    ],
    "product": "VMware Tools",
    "vendor": "VMware",
    "versions": [
      {
        "status": "unaffected",
        "version": "12.2.5"
      }
    ]
  }
]

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AI Score

4.7

Confidence

High

EPSS

0.005

Percentile

76.5%