7.5 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.0%
open-vm-tools is vulnerable to SAML Token Signature Bypass. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted file or visiting a malicious website. The file or website would contain a specially crafted SAML token that would exploit the flaw in VMware Tools to bypass the signature verification process. The attacker could then use the token to authenticate to the virtual machine and gain unauthorized access.
www.openwall.com/lists/oss-security/2023/10/27/1
lists.debian.org/debian-lts-announce/2023/11/msg00002.html
lists.fedoraproject.org/archives/list/[email protected]/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/
lists.fedoraproject.org/archives/list/[email protected]/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/
lists.fedoraproject.org/archives/list/[email protected]/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/
security-tracker.debian.org/tracker/CVE-2023-34058
www.debian.org/security/2023/dsa-5543
www.vmware.com/security/advisories/VMSA-2023-0024.html
7.5 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.0%