CVSS3
Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile: 34.9%
open-vm-tools is vulnerable to man-in-the-middle (MITM) attacks. An attacker with MITM network positioning between vCenter and the ESXi host that hosts the virtual machine can bypass SAML token signature verification and perform VMware Tools Guest Operations.
www.openwall.com/lists/oss-security/2023/08/31/1
www.openwall.com/lists/oss-security/2023/10/27/1
lists.debian.org/debian-lts-announce/2023/10/msg00000.html
lists.fedoraproject.org/archives/list/[email protected]/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/
lists.fedoraproject.org/archives/list/[email protected]/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/
lists.fedoraproject.org/archives/list/[email protected]/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.18/community.yaml
security.netapp.com/advisory/ntap-20231013-0002/
www.debian.org/security/2023/dsa-5493
www.vmware.com/security/advisories/VMSA-2023-0019.html