Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-20900
HistoryAug 31, 2023 - 12:00 a.m.

CVE-2023-20900

2023-08-3100:00:00
ubuntu.com
ubuntu.com
66
malicious actor
privilege elevation
virtual machine
guest alias
vmware

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.9%

A malicious actor that has been granted Guest Operation Privileges
https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html
in a target virtual machine may be able to elevate their privileges if that
target virtual machine has been assigned a more privileged Guest Alias
https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html
.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopen-vm-tools< 2:11.0.5-4ubuntu0.18.04.3+esm2UNKNOWN
ubuntu20.04noarchopen-vm-tools< 2:11.3.0-2ubuntu0~ubuntu20.04.6UNKNOWN
ubuntu22.04noarchopen-vm-tools< 2:12.1.5-3~ubuntu0.22.04.3UNKNOWN
ubuntu23.04noarchopen-vm-tools< 2:12.1.5-3ubuntu0.23.04.2UNKNOWN
ubuntu23.10noarchopen-vm-tools< 2:12.2.5-1ubuntu1UNKNOWN
ubuntu16.04noarchopen-vm-tools< 2:10.2.0-3~ubuntu0.16.04.1+esm3UNKNOWN

CVSS3

7.5

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.9%