#VU80188 Cryptographic issues in VMware Tools and open-vm-tools - CVE-2023-20900

Cybersecurity Help s.r.o.

Published: 2023-08-31

Vulnerability identifier: #VU80188

Vulnerability risk: Medium

CVSSv4.0: 4.9 [CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-20900

CWE-ID: CWE-310

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
VMware Tools
Client/Desktop applications / Other client software
open-vm-tools
Other software / Other software solutions

Vendor: VMware, Inc

Description

The vulnerability allows a remote attacker to perform MitM attack.

The vulnerability exists due to improper verification of SAML token signature. A remote attacker can bypass SAML token signature verification and perform man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

VMware Tools: 10.3.0 - 12.2.6

open-vm-tools: 10.3.0 - 12.2.5

External links
https://www.vmware.com/security/advisories/VMSA-2023-0019.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Amazon Linux AMI update for open-vm-tools

Multiple vulnerabilities in Dell XtremIO X2

Multiple vulnerabilities in Dell RecoverPoint for Virtual Machines

Multiple vulnerabilities in IBM Security Verify Governance - Identity Manager

Cryptographic issues in IBM DataPower Gateway

Multiple vulnerabilities in Dell EMC VxRail Appliance

Dell EMC NetWorker vProxy update for third-party components

Multiple vulnerabilities in Dell PowerProtect Cyber Recovery

Multiple vulnerabilities in Juniper Secure Analytics (JSA)

Multiple vulnerabilities in IBM Security Guardium