VMSA-2023-0013: VMware Tools update addresses Authentication Bypass vulnerability (CVE-2023-20867)

VMware

11 June 2023

Status: CLOSED
Severity: LOW
CVSSv3: 3.9

Advisory ID: VMSA-2023-0013
CVE: CVE-2023-20867
Issue date: 2023-06-13 (Initial Advisory)
1. Impacted Products
  • VMware Tools
2. Introduction

An Authentication Bypass vulnerability in VMware Tools was responsibly reported to VMware. Updates are available to remediate this vulnerability in the affected VMware products.

3a. Authentication Bypass vulnerability in VMware Tools (CVE-2023-20867)

Description

VMware Tools contains an Authentication Bypass vulnerability in the vgauth module. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.9.

Known Attack Vectors

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Resolution

To remediate CVE-2023-20867, update to the version listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

Given the requirement that an attacker must have root access over ESXi to exploit the vulnerability described by CVE-2023-20867, please review 'vSphere Security: Proactive and Continuous' which describes a holistic approach to security best practices.

Notes

[1] There is a known issue (see KB 93823) when upgrading VMware Tools from version 12.2.0 to version 12.2.5 on Windows VMs. Upgrading to VMware Tools version 12.2.6 is recommended.
[2] VMware Tools 10.3.26 only applies to the older Linux releases.

Acknowledgements

VMware would like to thank Mandiant for reporting this issue to us.

Response Matrix

Product      | Version                | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation
VMware Tools | 12.x.x, 11.x.x, 10.3.x | Any        | CVE-2023-20867 | 3.9    | Low      |               | None        |
VMware Tools | 10.3.x                 | Linux      | CVE-2023-20867 | 3.9    | Low      |               | None        |
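As an added triage helper (not part of the VMware advisory), the following encodes the Response Matrix and Notes above as a decision function a defender can run over a guest inventory. It assumes, as the Notes imply, that the fixed builds are 12.2.5 (12.2.6 recommended, per KB 93823) for the 12.x/11.x line and 10.3.26 for the older Linux releases; the inventory is constructed sample data.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

# Affected lines from the Response Matrix: 12.x.x, 11.x.x, 10.3.x
AFFECTED_PREFIXES = ((12,), (11,), (10, 3))
# Assumed fixed builds (advisory Notes [1] and [2]); labelled as an assumption.
FIXED_MAIN = (12, 2, 5)      # 12.x / 11.x line
FIXED_OLD_LINUX = (10, 3, 26)  # 10.3.x on older Linux releases


def parse_version(v: str) -> tuple[int, ...]:
    """'12.2.0' -> (12, 2, 0); a build suffix such as '12.2.0.21223074' keeps extra fields."""
    return tuple(int(p) for p in v.strip().split("."))


@dataclass
class Triage:
    affected: bool
    recommended: Optional[str]
    reason: str


def triage(tools_version: str, guest_os: str) -> Triage:
    """Classify one guest's VMware Tools version against VMSA-2023-0013."""
    v = parse_version(tools_version)
    if not any(v[:len(p)] == p for p in AFFECTED_PREFIXES):
        return Triage(False, None, "version line not listed in the Response Matrix")
    if v[:2] == (10, 3) and guest_os.lower().startswith("linux"):
        # Note [2]: 10.3.26 only applies to the older Linux releases.
        if v >= FIXED_OLD_LINUX:
            return Triage(False, None, "10.3.26 or later on Linux (assumed fixed build)")
        return Triage(True, "10.3.26", "10.3.x on Linux below 10.3.26")
    if v >= FIXED_MAIN:
        return Triage(False, None, "12.2.5 or later (assumed fixed build)")
    reason = f"{tools_version} on {guest_os} is below 12.2.5"
    if guest_os.lower().startswith("windows") and v[:3] == (12, 2, 0):
        reason += "; Note [1]: upgrade straight to 12.2.6 to avoid KB 93823"
    return Triage(True, "12.2.6", reason)


# Constructed sample inventory: (guest name, VMware Tools version, guest OS)
SAMPLE_INVENTORY = [
    ("win-app01", "12.2.0", "Windows Server 2019"),
    ("lnx-db01", "10.3.25", "Linux (CentOS 6)"),
    ("lnx-web01", "11.3.5", "Linux (Ubuntu)"),
    ("win-file01", "12.2.6", "Windows 10"),
]


def vulnerable_guests(inventory) -> list[str]:
    """Names of guests still on an affected build, for patch scheduling."""
    return [name for name, ver, os_ in inventory if triage(ver, os_).affected]
```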
4. References
5. Change Log

2023-06-13 VMSA-2023-0013

Initial security advisory.

6. Contact