Vulnerabilites related to vmware - open_vm_tools
cve-2023-20900
Vulnerability from cvelistv5
Published
2023-08-31 09:45
Modified
2024-08-02 09:21
Severity ?
EPSS score ?
Summary
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | VMware Tools |
Version: 12.x.x Version: 11.x.x Version: 10.3.x |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:21:33.112Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0019.html", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/08/31/1", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5493", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html", }, { tags: [ "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20231013-0002/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "VMware Tools", vendor: "n/a", versions: [ { status: "affected", version: "12.x.x", }, { status: "affected", version: "11.x.x", }, { status: "affected", version: "10.3.x", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "VMware Tools", vendor: "n/a", versions: [ { status: "affected", version: "10.3.x", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "VMware Tools (open-vm-tools)", vendor: "n/a", versions: [ { status: "affected", version: "12.x.x", }, { status: "affected", version: "11.x.x", }, { status: "affected", version: "10.3.x", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "A malicious actor that has been granted <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html\">Guest Operation Privileges</a> in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged <a target=\"_blank\" rel=\"nofollow\" href=\"https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html\">Guest Alias</a>.", }, ], value: "A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "SAML Token Signature Bypass vulnerability", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-17T04:34:34.974Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://www.vmware.com/security/advisories/VMSA-2023-0019.html", }, { url: "http://www.openwall.com/lists/oss-security/2023/08/31/1", }, { url: "https://www.debian.org/security/2023/dsa-5493", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/", }, { url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html", }, { url: "https://security.netapp.com/advisory/ntap-20231013-0002/", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/27/1", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2023-20900", datePublished: "2023-08-31T09:45:43.130Z", dateReserved: "2022-11-01T15:41:50.396Z", dateUpdated: "2024-08-02T09:21:33.112Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34059
Vulnerability from cvelistv5
Published
2023-10-27 04:53
Modified
2025-03-06 15:39
Severity ?
EPSS score ?
Summary
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the
/dev/uinput file descriptor allowing them to simulate user inputs.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | open-vm-tools |
Version: 11.0.0 < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:01:53.454Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/3", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/2", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5543", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/26/1", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/11/27/1", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34059", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T15:38:04.511035Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-404", description: "CWE-404 Improper Resource Shutdown or Release", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-06T15:39:21.712Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://www.openwall.com/lists/oss-security/2023/10/27/3", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "open-vm-tools", vendor: "n/a", versions: [ { lessThanOrEqual: "12.3.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs.", }, ], value: "open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "File descriptor hijack vulnerability", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-27T12:06:18.391Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/27/3", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/27/2", }, { url: "https://www.debian.org/security/2023/dsa-5543", }, { url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/26/1", }, { url: "http://www.openwall.com/lists/oss-security/2023/11/27/1", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2023-34059", datePublished: "2023-10-27T04:53:31.893Z", dateReserved: "2023-05-25T17:21:56.204Z", dateUpdated: "2025-03-06T15:39:21.712Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-1142
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2025-04-25 20:50
Severity ?
EPSS score ?
Summary
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:04:49.297Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://bugs.gentoo.org/264577", }, { tags: [ "x_transferred", ], url: "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2009-1142", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-04-25T20:49:01.377851Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-59", description: "CWE-59 Improper Link Resolution Before File Access ('Link Following')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-04-25T20:50:09.805Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-11-23T00:00:00.000Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://bugs.gentoo.org/264577", }, { url: "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-1142", datePublished: "2022-11-23T00:00:00.000Z", dateReserved: "2009-03-25T00:00:00.000Z", dateUpdated: "2025-04-25T20:50:09.805Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34058
Vulnerability from cvelistv5
Published
2023-10-27 04:53
Modified
2025-03-06 15:40
Severity ?
EPSS score ?
Summary
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | n/a | VMware Tools |
Version: 12.x.x Version: 11.x.x Version: 10.3.x |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:01:52.447Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", }, { tags: [ "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/1", }, { tags: [ "x_transferred", ], url: "https://www.debian.org/security/2023/dsa-5543", }, { tags: [ "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", }, { tags: [ "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34058", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-06T15:26:48.404064Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-347", description: "CWE-347 Improper Verification of Cryptographic Signature", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-06T15:40:20.221Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Windows", ], product: "VMware Tools", vendor: "n/a", versions: [ { status: "affected", version: "12.x.x", }, { status: "affected", version: "11.x.x", }, { status: "affected", version: "10.3.x", }, ], }, { defaultStatus: "unaffected", platforms: [ "Linux", ], product: "open-vm-tools", vendor: "n/a", versions: [ { lessThanOrEqual: "12.3.0", status: "affected", version: "11.0.0", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted <a target=\"_blank\" rel=\"nofollow\" href=\"https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html\">Guest Operation Privileges</a> in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged <a target=\"_blank\" rel=\"nofollow\" href=\"https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html\">Guest Alias</a>.", }, ], value: "VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { description: "SAML Token Signature Bypass vulnerability", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-11-17T04:34:05.439Z", orgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", shortName: "vmware", }, references: [ { url: "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", }, { url: "http://www.openwall.com/lists/oss-security/2023/10/27/1", }, { url: "https://www.debian.org/security/2023/dsa-5543", }, { url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", }, { url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", }, ], source: { discovery: "UNKNOWN", }, x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "dcf2e128-44bd-42ed-91e8-88f912c1401d", assignerShortName: "vmware", cveId: "CVE-2023-34058", datePublished: "2023-10-27T04:53:09.935Z", dateReserved: "2023-05-25T17:21:56.204Z", dateUpdated: "2025-03-06T15:40:20.221Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2022-11-23 18:15
Modified
2025-04-25 21:15
Severity ?
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.7 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bugs.gentoo.org/264577 | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/264577 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848 | Release Notes, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | open_vm_tools | 2009.03.18-154848 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:open_vm_tools:2009.03.18-154848:*:*:*:*:*:*:*", matchCriteriaId: "197BDD7B-6A34-4E9E-B4FC-E8651B3070B8", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled.", }, { lang: "es", value: "Se descubrió un problema en open-vm-tools 2009.03.18-154848. Los usuarios locales pueden obtener privilegios mediante un ataque de symlink en archivos /tmp si vmware-user-suid-wrapper tiene setuid root y la función ChmodChownDirectory está habilitada.", }, ], id: "CVE-2009-1142", lastModified: "2025-04-25T21:15:16.083", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 0.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2022-11-23T18:15:10.770", references: [ { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.gentoo.org/264577", }, { source: "cve@mitre.org", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://bugs.gentoo.org/264577", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/vmware/open-vm-tools/releases/tag/2009.03.18-154848", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-59", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-59", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-08-31 10:15
Modified
2024-11-21 07:41
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | tools | * | |
| microsoft | windows | - | |
| vmware | tools | * | |
| linux | linux_kernel | - | |
| vmware | open_vm_tools | * | |
| linux | linux_kernel | - | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| netapp | ontap_select_deploy_administration_utility | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*", matchCriteriaId: "760FD9D8-9866-4EAE-AA33-8D043AA8C043", versionEndExcluding: "12.3.0", versionStartIncluding: "10.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*", matchCriteriaId: "D42F54B9-EF73-47F8-8914-383B974AA501", versionEndExcluding: "10.3.26", versionStartIncluding: "10.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:open_vm_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "E93872A3-3D1E-4A62-B5E2-170E46571997", versionEndExcluding: "12.3.0", versionStartIncluding: "10.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", matchCriteriaId: "E7CF3019-975D-40BB-A8A4-894E62BD3797", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .", }, { lang: "es", value: "Un actor malicioso al que se le han otorgado Privilegios de Operación de Invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una máquina virtual de destino es posible que pueda elevar sus privilegios si a esa máquina virtual de destino se le ha asignado un Alias de Invitado más privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/ 07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html.", }, ], id: "CVE-2023-20900", lastModified: "2024-11-21T07:41:47.130", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "security@vmware.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-08-31T10:15:08.247", references: [ { source: "security@vmware.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/08/31/1", }, { source: "security@vmware.com", tags: [ "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/1", }, { source: "security@vmware.com", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html", }, { source: "security@vmware.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/", }, { source: "security@vmware.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/", }, { source: "security@vmware.com", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/", }, { source: "security@vmware.com", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231013-0002/", }, { source: "security@vmware.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5493", }, { source: "security@vmware.com", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0019.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/08/31/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.netapp.com/advisory/ntap-20231013-0002/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5493", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0019.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-294", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-27 05:15
Modified
2025-03-06 16:15
Severity ?
7.4 (High) - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the
/dev/uinput file descriptor allowing them to simulate user inputs.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | open_vm_tools | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:open_vm_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "9713E664-EA87-4236-B75E-8C44D5791E70", versionEndIncluding: "12.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the \n/dev/uinput file descriptor allowing them to simulate user inputs.", }, { lang: "es", value: "open-vm-tools contiene una vulnerabilidad de secuestro de descriptores de archivos en vmware-user-suid-wrapper. Un actor malintencionado con privilegios no root puede secuestrar el descriptor del archivo /dev/uinput, permitiéndole simular las entradas del usuario.", }, ], id: "CVE-2023-34059", lastModified: "2025-03-06T16:15:42.033", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.4, impactScore: 5.9, source: "security@vmware.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-27T05:15:39.013", references: [ { source: "security@vmware.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/2", }, { source: "security@vmware.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/3", }, { source: "security@vmware.com", url: "http://www.openwall.com/lists/oss-security/2023/11/26/1", }, { source: "security@vmware.com", url: "http://www.openwall.com/lists/oss-security/2023/11/27/1", }, { source: "security@vmware.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", }, { source: "security@vmware.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", }, { source: "security@vmware.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", }, { source: "security@vmware.com", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", }, { source: "security@vmware.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5543", }, { source: "security@vmware.com", tags: [ "Not Applicable", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/3", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/11/26/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2023/11/27/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Not Applicable", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", url: "https://www.openwall.com/lists/oss-security/2023/10/27/3", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-404", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2023-10-27 05:15
Modified
2025-03-06 16:15
Severity ?
7.1 (High) - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| vmware | open_vm_tools | * | |
| debian | debian_linux | 10.0 | |
| debian | debian_linux | 11.0 | |
| debian | debian_linux | 12.0 | |
| vmware | tools | * | |
| microsoft | windows | - | |
| fedoraproject | fedora | 37 | |
| fedoraproject | fedora | 38 | |
| fedoraproject | fedora | 39 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:open_vm_tools:*:*:*:*:*:*:*:*", matchCriteriaId: "9713E664-EA87-4236-B75E-8C44D5791E70", versionEndIncluding: "12.3.0", versionStartIncluding: "11.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", matchCriteriaId: "FA6FEEC2-9F11-4643-8827-749718254FED", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", matchCriteriaId: "46D69DCC-AE4D-4EA5-861C-D60951444C6C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:vmware:tools:*:*:*:*:*:*:*:*", matchCriteriaId: "D481D9E3-54C4-4D0E-9B3D-F863650CECD6", versionEndExcluding: "12.3.5", versionStartIncluding: "10.3.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", matchCriteriaId: "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", matchCriteriaId: "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", matchCriteriaId: "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .", }, { lang: "es", value: "VMware Tools contiene una vulnerabilidad de omisión de firma de token SAML. Un actor malicioso al que se le han otorgado privilegios de operación de invitado https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html en una máquina virtual de destino es posible que pueda elevar sus privilegios si a esa máquina virtual de destino se le ha asignado un Alias de Invitado más privilegiado https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html.", }, ], id: "CVE-2023-34058", lastModified: "2025-03-06T16:15:41.840", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 5.9, source: "security@vmware.com", type: "Secondary", }, { cvssData: { attackComplexity: "HIGH", attackVector: "ADJACENT_NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.6, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2023-10-27T05:15:38.957", references: [ { source: "security@vmware.com", tags: [ "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/1", }, { source: "security@vmware.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", }, { source: "security@vmware.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", }, { source: "security@vmware.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", }, { source: "security@vmware.com", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", }, { source: "security@vmware.com", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5543", }, { source: "security@vmware.com", tags: [ "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", ], url: "http://www.openwall.com/lists/oss-security/2023/10/27/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2023/11/msg00002.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G7G77Z76CQPGUF7VHRA6O3UFCMPPR4O2/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQUOFQL2SNNNMKROQ3TZQY4HEYMNOIBW/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLTKVTRKQW2GD2274H3UOW6XU4E62GSK/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2023/dsa-5543", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://www.vmware.com/security/advisories/VMSA-2023-0024.html", }, ], sourceIdentifier: "security@vmware.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-347", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-347", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }