⚠ Actively exploited
Added to CISA KEV on 2023-06-23. Federal agencies required to patch by 2023-07-14. Required action: Apply updates per vendor instructions.
CVE-2023-20867
Severity
3.9 LOW
EPSS
2.7%
top 14.07%
CISA KEV
Added 2023-06-23
Due 2023-07-14
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
Published: Jun 13
KEV added: Jun 23
KEV due: Jul 14
Latest update: Jul 27
CISA Required Action: Apply updates per vendor instructions.
Description
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Exploitability: 0.8 | Impact: 2.7
Affected Packages: 3 packages
Also affects: Debian Linux 10.0, 11.0, 12.0, Fedora 37, 38, 39
Patches
🔴 Vulnerability Details (5)
GHSA
GHSA-qm59-f7vh-3m2p: A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of... (2023-06-13)
OSV
CVE-2023-20867: A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of... (2023-06-13)
📋 Vendor Advisories (5)
VMware
Debian
CVE-2023-20867: open-vm-tools - A fully compromised ESXi host can force VMware Tools to fail to authenticate hos... (2023)