CVE-2023-20867
VMware Tools Authentication Bypass Vulnerability
CVSS
—
No CVSS
EPSS
13.6%
p96
KEV
YES
Jun 23, 2023
Exploit Today
79
0-100
Published: — · Last modified: —
Product
VMware / Tools
Vulnerability
VMware Tools Authentication Bypass Vulnerability
Added to KEV
Jun 23, 2023
Remediate by
Jul 14, 2023
Known ransomware use
No
Summary description
VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability.
Required action
Apply updates per vendor instructions.
Notes
https://www.vmware.com/security/advisories/VMSA-2023-0013.html; https://nvd.nist.gov/vuln/detail/CVE-2023-20867
No related CVEs by CWE or product.