Lucene search

K
cvelistVmwareCVELIST:CVE-2023-20900
HistoryAug 31, 2023 - 9:45 a.m.

CVE-2023-20900

2023-08-3109:45:43
vmware
www.cve.org
3
vmware
vsphere
guest operation privileges
guest alias
privilege escalation

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html Β in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "VMware Tools",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.x.x"
      },
      {
        "status": "affected",
        "version": "11.x.x"
      },
      {
        "status": "affected",
        "version": "10.3.x"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "VMware Tools",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "10.3.x"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "VMware Tools (open-vm-tools)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.x.x"
      },
      {
        "status": "affected",
        "version": "11.x.x"
      },
      {
        "status": "affected",
        "version": "10.3.x"
      }
    ]
  }
]

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.9%