Lucene search

K
redhatcveRedhat.comRH:CVE-2023-20867
HistoryJun 14, 2023 - 2:15 p.m.

CVE-2023-20867

2023-06-1414:15:25
redhat.com
access.redhat.com
32
flaw
open-vm-tools
esxi
authentication bypass
vgauth
compromised confidentiality

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

70.3%

A flaw was found in the open-vm-tools package. An attacker with root access privileges over ESXi may be able to cause an authentication bypass in the vgauth module. This may lead to compromised confidentiality and integrity.

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

70.3%