CVE-2023-34059
published 2023-10-27CVE-2023-34059: open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack…
high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the
/dev/uinput file descriptor allowing them to simulate user inputs.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | open-vm-tools | < open-vm-tools 2:12.2.0-1+deb12u2 (bookworm) | open-vm-tools 2:12.2.0-1+deb12u2 (bookworm) |
| msrc | cbl2_open-vm-tools_11.3.0-3_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| paloalto | pan-os | — | — |
| vmware | open-vm-tools | >= 0 < 2:11.2.5-2+deb11u3 | 2:11.2.5-2+deb11u3 |
| vmware | open-vm-tools | >= 0 < 2:12.2.0-1+deb12u2 | 2:12.2.0-1+deb12u2 |
| vmware | open-vm-tools | >= 0 < 2:12.3.5-1 | 2:12.3.5-1 |
| vmware | open-vm-tools | >= 0 < 2:12.3.5-1 | 2:12.3.5-1 |
| vmware | open-vm-tools | >= 0 < 2:11.3.0-2ubuntu0~ubuntu20.04.7 | 2:11.3.0-2ubuntu0~ubuntu20.04.7 |
| vmware | open-vm-tools | >= 0 < 2:12.1.5-3~ubuntu0.22.04.4 | 2:12.1.5-3~ubuntu0.22.04.4 |
| vmware | open-vm-tools | >= 0 < 2:9.4.0-1280544-5ubuntu6.4+esm1 | 2:9.4.0-1280544-5ubuntu6.4+esm1 |
| vmware | open-vm-tools | >= 0 < 2:10.2.0-3~ubuntu0.16.04.1+esm4 | 2:10.2.0-3~ubuntu0.16.04.1+esm4 |
| vmware | open-vm-tools | >= 0 < 2:11.0.5-4ubuntu0.18.04.3+esm3 | 2:11.0.5-4ubuntu0.18.04.3+esm3 |
| vmware | open_vm_tools | 11.0.0 – 12.3.0 | — |
CVSS provenance
nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.5HIGH