Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:42529
HistoryAug 07, 2023 - 12:01 a.m.

Authentication Bypass

2023-08-0700:01:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
31
esxi
vmware tools
authentication bypass
confidentiality
integrity
guest virtual machine

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

70.3%

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Affected configurations

Vulners
Node
-open-vm-tools\Matchsid2\11.2.0-1
OR
-open-vm-tools\Matchsid2\11.2.5-2
OR
-open-vm-tools\Matchbuster2\10.3.10-1+deb10u2
OR
vmwareopen_vm_toolsMatch12.2.0-r0
OR
-open-vm-tools\Matchedge11.3.5-r0
OR
-open-vm-tools\Matchedge11.2.5-r0
OR
-open-vm-tools\Matchedge12.2.0-r0
OR
-open-vm-tools\Matchedge11.0.5-r0
OR
-open-vm-tools\Matchedge12.1.5-r0
OR
-open-vm-tools\Matchedge11.2.5-r1
OR
-open-vm-tools\Matchedge12.1.5-r1
OR
-open-vm-tools\Matchedge12.0.0-r0
OR
-open-vm-tools\Matchedge11.2.0-r0
OR
-open-vm-tools\Matchedge11.1.0-r3
OR
-open-vm-tools\Matchedge12.1.0-r0
OR
-open-vm-tools\Matchedge12.0.5-r1
OR
-open-vm-tools\Matchedge12.0.5-r0
OR
-open-vm-tools\Matchedge11.0.5-r3
OR
-open-vm-tools\Matchedge12.2.0-r1
OR
-open-vm-tools\Matchedge11.0.5-r2
OR
-open-vm-tools\Matchbullseye2\11.2.0-1
OR
-open-vm-tools\Matchsid2\11.2.0-1
OR
-open-vm-tools\Matchsid2\11.2.5-2
OR
-open-vm-tools\Matchbuster2\10.3.10-1+deb10u2
OR
vmwareopen_vm_toolsMatch12.2.0-r0
OR
-open-vm-tools\Matchedge11.3.5-r0
OR
-open-vm-tools\Matchedge11.2.5-r0
OR
-open-vm-tools\Matchedge12.2.0-r0
OR
-open-vm-tools\Matchedge11.0.5-r0
OR
-open-vm-tools\Matchedge12.1.5-r0
OR
-open-vm-tools\Matchedge11.2.5-r1
OR
-open-vm-tools\Matchedge12.1.5-r1
OR
-open-vm-tools\Matchedge12.0.0-r0
OR
-open-vm-tools\Matchedge11.2.0-r0
OR
-open-vm-tools\Matchedge11.1.0-r3
OR
-open-vm-tools\Matchedge12.1.0-r0
OR
-open-vm-tools\Matchedge12.0.5-r1
OR
-open-vm-tools\Matchedge12.0.5-r0
OR
-open-vm-tools\Matchedge11.0.5-r3
OR
-open-vm-tools\Matchedge12.2.0-r1
OR
-open-vm-tools\Matchedge11.0.5-r2
OR
-open-vm-tools\Matchbullseye2\11.2.0-1
VendorProductVersionCPE
-open-vm-tools\sidcpe:2.3:a:-:open-vm-tools\:sid:2\:11.2.0-1:*:*:*:*:*:*:*
-open-vm-tools\sidcpe:2.3:a:-:open-vm-tools\:sid:2\:11.2.5-2:*:*:*:*:*:*:*
-open-vm-tools\bustercpe:2.3:a:-:open-vm-tools\:buster:2\:10.3.10-1+deb10u2:*:*:*:*:*:*:*
vmwareopen_vm_tools12.2.0-r0cpe:2.3:a:vmware:open_vm_tools:12.2.0-r0:*:*:*:*:*:*:*
-open-vm-tools\edgecpe:2.3:a:-:open-vm-tools\:edge:11.3.5-r0:*:*:*:*:*:*:*
-open-vm-tools\edgecpe:2.3:a:-:open-vm-tools\:edge:11.2.5-r0:*:*:*:*:*:*:*
-open-vm-tools\edgecpe:2.3:a:-:open-vm-tools\:edge:12.2.0-r0:*:*:*:*:*:*:*
-open-vm-tools\edgecpe:2.3:a:-:open-vm-tools\:edge:11.0.5-r0:*:*:*:*:*:*:*
-open-vm-tools\edgecpe:2.3:a:-:open-vm-tools\:edge:12.1.5-r0:*:*:*:*:*:*:*
-open-vm-tools\edgecpe:2.3:a:-:open-vm-tools\:edge:11.2.5-r1:*:*:*:*:*:*:*
Rows per page:
1-10 of 211

CVSS3

3.9

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

EPSS

0.003

Percentile

70.3%