Veracode Vulnerability Database, VERACODE:43135
History: Sep 05, 2023 - 4:39 a.m.

Man-in-the-Middle (MitM)

2023-09-05 04:39:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
26
man-in-the-middle
open-vm-tools
saml token
vmware tools
guest operations
esxi host

CVSS3: 7.5

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001
Percentile: 34.9%

open-vm-tools is vulnerable to Man-in-the-Middle (MitM) attacks. An attacker with MitM network positioning between vCenter and the ESXi host hosting the virtual machine can bypass SAML token signature verification and perform VMware Tools Guest Operations.
