VMware Security Update - 14 June 2023

VMware has released a security update to fix a vulnerability in VMware Tools.

The addressed vulnerability could allow an attacker to bypass security restrictions and obtain access to guest virtual machines running the affected versions.

The addressed vulnerability:

VMware Tools Security Bypass Vulnerability (CVE-2023-20867):

  • CVSS: 3.9
  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Consequences: Bypass Security

Security researchers have discovered that the addressed zero-day vulnerability is being used in the wild by many threat actors who have impacted VMware ESXi hosts, vCenter servers, and Windows virtual machines. The attackers could exploit the vulnerability to execute commands and transfer files to and from guest VMs from a compromised ESXi host without the need for guest credentials.

Vulnerabilities

CVE-2023-20867

Mitigations

Enterprises should deploy this patch as soon as the testing phase is completed.

VMware Security Advisory
