Lucene search

K
cvelistVmwareCVELIST:CVE-2023-20900
HistoryAug 31, 2023 - 9:45 a.m.

CVE-2023-20900

2023-08-3109:45:43
vmware
www.cve.org
11
vmware
vsphere
guest operation privileges
guest alias
privilege escalation

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

34.9%

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html Β in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Windows"
    ],
    "product": "VMware Tools",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.x.x"
      },
      {
        "status": "affected",
        "version": "11.x.x"
      },
      {
        "status": "affected",
        "version": "10.3.x"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "VMware Tools",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "10.3.x"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "Linux"
    ],
    "product": "VMware Tools (open-vm-tools)",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.x.x"
      },
      {
        "status": "affected",
        "version": "11.x.x"
      },
      {
        "status": "affected",
        "version": "10.3.x"
      }
    ]
  }
]

CVSS3

7.1

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.7

Confidence

High

EPSS

0.001

Percentile

34.9%