CVE-2023-20867

moderate-risk

Published 2023-06-13

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Do I need to act?

2.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 3.9/10 Low

LOCAL / HIGH complexity

Affected Products (7)

Tools

Debian Linux

Fedora

Affected Vendors

Debian Vmware Fedoraproject

References (19)

Mailing List http://www.openwall.com/lists/oss-security/2023/10/16/11

Mailing List http://www.openwall.com/lists/oss-security/2023/10/16/2

Mailing List https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html

Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Third Party Advisory https://security.netapp.com/advisory/ntap-20230725-0001/

Mailing List https://www.debian.org/security/2023/dsa-5493

Patch https://www.vmware.com/security/advisories/VMSA-2023-0013.html

Mailing List http://www.openwall.com/lists/oss-security/2023/10/16/11

Mailing List http://www.openwall.com/lists/oss-security/2023/10/16/2

Mailing List https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html

Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...

Third Party Advisory https://security.netapp.com/advisory/ntap-20230725-0001/

Mailing List https://www.debian.org/security/2023/dsa-5493

Patch https://www.vmware.com/security/advisories/VMSA-2023-0013.html

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-...

/ 100

moderate-risk

Severity 10/34 · Low

Exploitability 13/34 · Low

Exposure 14/34 · Moderate