CVE-2023-20867
VMware Tools Authentication Bypass Vulnerability
CVSS
—
Sin CVSS
EPSS
13.6%
p96
KEV
SÍ
23 jun 2023
Exploit Today
79
0-100
Publicado: — · Última mod.: —
Producto
VMware / Tools
Vulnerabilidad
VMware Tools Authentication Bypass Vulnerability
Añadido a KEV
23 jun 2023
Remediar antes de
14 jul 2023
Uso conocido en ransomware
No
Descripción resumida
VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability.
Acción requerida
Apply updates per vendor instructions.
Notas
https://www.vmware.com/security/advisories/VMSA-2023-0013.html; https://nvd.nist.gov/vuln/detail/CVE-2023-20867
Sin CVEs relacionados por CWE o producto.