Lucene search

K

Redhat.comRH:CVE-2023-34058

HistoryOct 30, 2023 - 1:43 p.m.

CVE-2023-34058

2023-10-3013:43:11

redhat.com

access.redhat.com

180

open-vm-tools

privilege escalation

guest alias

security flaw

cve-2023-34058

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.0%

A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.

References

bugzilla.redhat.com/show_bug.cgi?id=2246080

nvd.nist.gov/vuln/detail/CVE-2023-34058

www.cve.org/CVERecord?id=CVE-2023-34058

www.vmware.com/security/advisories/VMSA-2023-0024

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.0%

Related for RH:CVE-2023-34058

cvelist1 f51 cbl_mariner1 nessus35 nvd1 osv8 cve1 debiancve1 ubuntucve1 prion1 veracode1 ubuntu2 redhat10 openvas14 debian2 amazon1 almalinux2 fedora3 freebsd1 rocky1 oraclelinux3 vmware1 centos1 photon3 mageia1 ibm3