Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2242
HistoryOct 10, 2023 - 9:32 a.m.

Advisory ROSA-SA-2023-2242

2023-10-1009:32:53
ROSA LAB
abf.rosalinux.ru
17
vulnerability
open-vm-tools
rosa-server79
cve-2023-20900
privilege escalation
remote attack
resolved
yum update
unix

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

34.9%

Software: open-vm-tools 11.0.5
OS: rosa-server79

package_evr_string: open-vm-tools-11.0.5-2.rv3.src.rpm

CVE-ID: CVE-2023-20900
BDU-ID: 2023-05064
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the VMware Tools suite of utilities is related to the ability to bypass the SAML token signature. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges by implementing a man-in-the-middle attack
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update open-vm-tools command

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

34.9%