Lucene search

K
nvd[email protected]NVD:CVE-2023-20900
HistoryAug 31, 2023 - 10:15 a.m.

CVE-2023-20900

2023-08-3110:15:08
CWE-294
web.nvd.nist.gov
10
vmware vsphere
privilege elevation
guest operation privileges

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

34.9%

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html Β in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

Affected configurations

Nvd
Node
vmwaretoolsRange10.3.0–12.3.0
AND
microsoftwindowsMatch-
Node
vmwaretoolsRange10.3.0–10.3.26
AND
linuxlinux_kernelMatch-
Node
vmwareopen_vm_toolsRange10.3.0–12.3.0
AND
linuxlinux_kernelMatch-
Node
fedoraprojectfedoraMatch37
OR
fedoraprojectfedoraMatch38
OR
fedoraprojectfedoraMatch39
Node
debiandebian_linuxMatch10.0
OR
debiandebian_linuxMatch11.0
OR
debiandebian_linuxMatch12.0
Node
netappontap_select_deploy_administration_utilityMatch-
VendorProductVersionCPE
vmwaretools*cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
vmwareopen_vm_tools*cpe:2.3:a:vmware:open_vm_tools:*:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
fedoraprojectfedora38cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
fedoraprojectfedora39cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
debiandebian_linux11.0cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
debiandebian_linux12.0cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 111

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.1

Confidence

High

EPSS

0.001

Percentile

34.9%