CVE-2023-34058

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2023-34058
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2023-10-27 05:15:00 UTC
Updated2024-02-01 02:29:00 UTC
DescriptionVMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

Risk And Classification

Problem Types: CWE-347

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Debian Debian Linux 10.0 All All All
Operating System Debian Debian Linux 11.0 All All All
Operating System Debian Debian Linux 12.0 All All All
Operating System Fedoraproject Fedora 37 All All All
Operating System Fedoraproject Fedora 38 All All All
Operating System Fedoraproject Fedora 39 All All All
Operating System Microsoft Windows - All All All
Application Vmware Open Vm Tools All All All All
Application Vmware Tools All All All All

References

ReferenceSourceLinkTags
VMSA-2023-0024 MISC www.vmware.com
[SECURITY] Fedora 39 Update: open-vm-tools-12.3.0-3.fc39 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 38 Update: open-vm-tools-12.3.0-3.fc38 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
oss-security - CVE-2023-34058 - SAML Token Signature Bypass in open-vm-tools MISC www.openwall.com
Debian -- Security Information -- DSA-5543-1 open-vm-tools MISC www.debian.org
[SECURITY] Fedora 37 Update: open-vm-tools-12.3.0-3.fc37 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] [DLA 3646-1] open-vm-tools security update MISC lists.debian.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 161132 Oracle Enterprise Linux Security Update for open-vm-tools (ELSA-2023-7279)
  • 161133 Oracle Enterprise Linux Security Update for open-vm-tools (ELSA-2023-7277)
  • 161157 Oracle Enterprise Linux Security Update for open-vm-tools (ELSA-2023-7265)
  • 199880 Ubuntu Security Notification for Open VM Tools Vulnerabilities (USN-6463-1)
  • 199985 Ubuntu Security Notification for Open VM Tools Vulnerability (USN-6463-2)
  • 242467 Red Hat Update for open-vm-tools (RHSA-2023:7279)
  • 242471 Red Hat Update for open-vm-tools (RHSA-2023:7265)
  • 242472 Red Hat Update for open-vm-tools (RHSA-2023:7277)
  • 242473 Red Hat Update for open-vm-tools (RHSA-2023:7264)
  • 242474 Red Hat Update for open-vm-tools (RHSA-2023:7276)
  • 242475 Red Hat Update for open-vm-tools (RHSA-2023:7267)
  • 242596 Red Hat Update for open-vm-tools (RHSA-2023:7262)
  • 242601 Red Hat Update for open-vm-tools (RHSA-2023:7263)
  • 242608 Red Hat Update for open-vm-tools (RHSA-2023:7260)
  • 242619 Red Hat Update for open-vm-tools (RHSA-2023:7261)
  • 257282 CentOS Security Update for open-vm-tools (CESA-2023:7279)
  • 284713 Fedora Security Update for open (FEDORA-2023-1ed0ec0035)
  • 284714 Fedora Security Update for open (FEDORA-2023-08e2bb6815)
  • 285163 Fedora Security Update for open (FEDORA-2023-86a50ffc72)
  • 356608 Amazon Linux Security Advisory for open-vm-tools : ALAS2-2023-2329
  • 356636 Amazon Linux Security Advisory for open-vm-tools : ALAS2023-2023-423
  • 378979 VMware Tools Multiple Security Vulnerability (VMSA-2023-0024)
  • 379041 Alibaba Cloud Linux Security Update for open-vm-tools (ALINUX2-SA-2023:0048)
  • 379196 Alibaba Cloud Linux Security Update for open-vm-tools (ALINUX3-SA-2023:0140)
  • 6000262 Debian Security Update for open-vm-tools (DLA 3646-1)
  • 6000314 Debian Security Update for open-vm-tools (DSA 5543-1)
  • 691343 Free Berkeley Software Distribution (FreeBSD) Security Update for open (d2505ec7-78ea-11ee-9131-6f01853956d5)
  • 755172 SUSE Enterprise Linux Security Update for open-vm-tools (SUSE-SU-2023:4230-1)
  • 755173 SUSE Enterprise Linux Security Update for open-vm-tools (SUSE-SU-2023:4229-1)
  • 755174 SUSE Enterprise Linux Security Update for open-vm-tools (SUSE-SU-2023:4228-1)
  • 755175 SUSE Enterprise Linux Security Update for open-vm-tools (SUSE-SU-2023:4227-1)
  • 941417 AlmaLinux Security Update for open-vm-tools (ALSA-2023:7277)
  • 941477 AlmaLinux Security Update for open-vm-tools (ALSA-2023:7265)
  • 961081 Rocky Linux Security Update for open-vm-tools (RLSA-2023:7265)
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report