Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
None
Attack Vector
Adjacent_network
0

CVE-2023-20900

Disclosure Date: August 31, 2023
CVE-2023-20900 CVSS v3 Base Score: 7.5
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.5 High
Impact Score:
5.9
Exploitability Score:
1.6
Vector:
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Adjacent_network
Attack Complexity (AC):
High
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
VMware Tools 12.x.x
VMware Tools 11.x.x
VMware Tools 10.3.x
VMware Tools 10.3.x
VMware Tools (open-vm-tools) 12.x.x
VMware Tools (open-vm-tools) 11.x.x
VMware Tools (open-vm-tools) 10.3.x
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • debian,
  • fedoraproject,
  • netapp,
  • vmware

Products

  • debian linux 10.0,
  • debian linux 11.0,
  • debian linux 12.0,
  • fedora 37,
  • fedora 38,
  • fedora 39,
  • ontap select deploy administration utility -,
  • open vm tools,
  • tools
Technical Analysis