CVE-2023-20900

Summary

CVE: CVE-2023-20900
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2023-08-31 10:15:00 UTC
Updated: 2024-01-12 20:41:00 UTC
Description: A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).

Risk And Classification

Problem Types: CWE-294

NVD Known Affected Configurations (CPE 2.3)

| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 12.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 37 | All | All | All |
| Operating System | Fedoraproject | Fedora | 38 | All | All | All |
| Operating System | Fedoraproject | Fedora | 39 | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Application | Netapp | Ontap Select Deploy Administration Utility | - | All | All | All |
| Application | Vmware | Open Vm Tools | All | All | All | All |
| Application | Vmware | Tools | All | All | All | All |

References

| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 37 Update: open-vm-tools-12.3.0-1.fc37 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| [SECURITY] [DLA 3597-1] open-vm-tools security update | MISC | lists.debian.org | |
| Debian -- Security Information -- DSA-5493-1 open-vm-tools | MISC | www.debian.org | |
| VMSA-2023-0019 | MISC | www.vmware.com | |
| oss-security - CVE-2023-34058 - SAML Token Signature Bypass in open-vm-tools | MISC | www.openwall.com | |
| [SECURITY] Fedora 39 Update: open-vm-tools-12.3.0-1.fc39 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| CVE-2023-20900 VMware Tools Vulnerability in NetApp Products \| NetApp Product Security | MISC | security.netapp.com | |
| oss-security - [Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900) | MISC | www.openwall.com | |
| [SECURITY] Fedora 38 Update: open-vm-tools-12.3.0-1.fc38 - package-announce - Fedora Mailing-Lists | MISC | lists.fedoraproject.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |

Legacy QID Mappings

  • 160924 Oracle Enterprise Linux Security Update for open-vm-tools (ELSA-2023-5217)
  • 160936 Oracle Enterprise Linux Security Update for open-vm-tools (ELSA-2023-5313)
  • 160937 Oracle Enterprise Linux Security Update for open-vm-tools (ELSA-2023-5312)
  • 199782 Ubuntu Security Notification for Open VM Tools Vulnerability (USN-6365-2)
  • 242056 Red Hat Update for open-vm-tools (RHSA-2023:5218)
  • 242058 Red Hat Update for open-vm-tools (RHSA-2023:5210)
  • 242063 Red Hat Update for open-vm-tools (RHSA-2023:5217)
  • 242064 Red Hat Update for open-vm-tools (RHSA-2023:5220)
  • 242065 Red Hat Update for open-vm-tools (RHSA-2023:5213)
  • 242066 Red Hat Update for open-vm-tools (RHSA-2023:5216)
  • 242080 Red Hat Update for open-vm-tools (RHSA-2023:5312)
  • 242081 Red Hat Update for open-vm-tools (RHSA-2023:5313)
  • 257257 CentOS Security Update for open-vm-tools
  • 284506 Fedora Security Update for open (FEDORA-2023-df375d0634)
  • 284529 Fedora Security Update for open (FEDORA-2023-9b1a1023ac)
  • 285262 Fedora Security Update for open (FEDORA-2023-20b6ac4b6c)
  • 356110 Amazon Linux Security Advisory for open-vm-tools : ALAS2023-2023-350
  • 356154 Amazon Linux Security Advisory for open-vm-tools : ALAS2-2023-2250
  • 378888 Alibaba Cloud Linux Security Update for open-vm-tools (ALINUX2-SA-2023:0039)
  • 378926 Alibaba Cloud Linux Security Update for open-vm-tools (ALINUX3-SA-2023:0116)
  • 379090 IBM QRadar SIEM Multiple Security Vulnerabilities (7070736)
  • 506133 Alpine Linux Security Update for open-vm-tools
  • 6000023 Debian Security Update for open-vm-tools (DSA 5493-1)
  • 6000104 Debian Security Update for open-vm-tools (DLA 3597-1)
  • 6140189 AWS Bottlerocket Security Update for open-vm-tools (GHSA-q879-mrf6-4fg3)
  • 754931 SUSE Enterprise Linux Security Update for open-vm-tools (SUSE-SU-2023:3795-1)
  • 754955 SUSE Enterprise Linux Security Update for open-vm-tools (SUSE-SU-2023:3835-1)
  • 941262 AlmaLinux Security Update for open-vm-tools (ALSA-2023:5312)
  • 941270 AlmaLinux Security Update for open-vm-tools (ALSA-2023:5313)
  • 961021 Rocky Linux Security Update for open-vm-tools (RLSA-2023:5312)
  • 961023 Rocky Linux Security Update for open-vm-tools (RLSA-2023:5313)