CVE-2023-20867
Published 2023-06-13
Low, 3.9 (CVSS 3.1)
AV:L / AC:H / PR:H / UI:N / S:C / C:L / I:L / A:N
CISA Known Exploited Vulnerability, due 2023-07-14
Exploited in the wild
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | open-vm-tools | < open-vm-tools 2:12.2.0-1+deb12u1 (bookworm) | open-vm-tools 2:12.2.0-1+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| vmware | open-vm-tools | >= 0 < 2:11.2.5-2+deb11u2 | 2:11.2.5-2+deb11u2 |
| vmware | open-vm-tools | >= 0 < 2:12.2.0-1+deb12u1 | 2:12.2.0-1+deb12u1 |
| vmware | open-vm-tools | >= 0 < 2:12.2.5-1 | 2:12.2.5-1 |
| vmware | open-vm-tools | >= 0 < 2:12.2.5-1 | 2:12.2.5-1 |
| vmware | open-vm-tools | >= 0 < 2:11.3.0-2ubuntu0~ubuntu20.04.5 | 2:11.3.0-2ubuntu0~ubuntu20.04.5 |
| vmware | open-vm-tools | >= 0 < 2:12.1.5-3~ubuntu0.22.04.2 | 2:12.1.5-3~ubuntu0.22.04.2 |
| vmware | open-vm-tools | >= 0 < 2:10.2.0-3~ubuntu0.16.04.1+esm2 | 2:10.2.0-3~ubuntu0.16.04.1+esm2 |
| vmware | open-vm-tools | >= 0 < 2:11.0.5-4ubuntu0.18.04.3+esm1 | 2:11.0.5-4ubuntu0.18.04.3+esm1 |
| vmware | tools | >= 10.3.0 < 12.2.5 | 12.2.5 |
CVSS provenance
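| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.9 | LOW | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
| osv | | 3.9 | LOW | |
| vulncheck | | 3.9 | LOW | |
| cisa | | 3.9 | LOW | |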