Lucene search

K

GoogleOSV:USN-6365-2

HistorySep 25, 2023 - 10:55 a.m.

open-vm-tools vulnerability

2023-09-2510:55:21

Google

osv.dev

5

usn-6365-1

ubuntu 16.04 lts

ubuntu 18.04 lts

saml token

signature verification

vmware tools guest operations

open vm tools

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

USN-6365-1 fixed a vulnerability in Open VM Tools. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

Original advisory details:

It was discovered that Open VM Tools incorrectly handled SAML tokens. A
remote attacker could possibly use this issue to bypass SAML token
signature verification and perform VMware Tools Guest Operations.

References

ubuntu.com/security/CVE-2023-20900

ubuntu.com/security/notices/USN-6365-2

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

45.0%

Related for OSV:USN-6365-2

nessus36 redhat8 redos1 debian2 redhatcve1 oraclelinux3 rocky2 debiancve1 osv8 openvas15 amazon1 alpinelinux1 vmware2 veracode1 almalinux2 cve1 rosalinux1 cvelist1 nvd1 ubuntucve1 ubuntu2 prion1 photon3 fedora3 thn1 ibm3