VMSA-2023-0024:VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities
23678
24 October 2023
24 October 2023
CLOSED
HIGH
7.1 - 7.8
CVE-2023-34057,CVE-2023-34058
1. Impacted Products
- VMware Tools
2. Introduction
Multiple vulnerabilities in VMware Tools were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
3a. Local privilege escalation vulnerability in VMware Tools (macOS) (CVE-2023-34057)
Description
VMware Tools contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors
A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
Resolution
To remediate CVE-2023-34057 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Dan Revah of Google for reporting this issue to us.
3b. SAML Token Signature Bypass vulnerability in VMware Tools (CVE-2023-34058)
Description
VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
Known Attack Vectors
A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
Resolution
To remediate CVE-2023-34058 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
- While the description and known attack vectors are very similar to CVE-2023-20900, CVE-2023-34058 has a different root cause that has now been addressed.
- CVE-2023-34058 also impacts open-vm-tools. Fixes have been provided to the Linux community for distribution.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| VMware Tools | 12.x.x, 11.x.x, 10.3.x | macOS | CVE-2023-34057 | important | None | None | ||
| VMware Tools | 12.x.x, 11.x.x, 10.3.x | Windows | CVE-2023-34057 | N/A | N/A | Unaffected | N/A | N/A |
| VMware Tools | 12.x.x, 11.x.x, 10.3.x | macOS | CVE-2023-34058 | N/A | N/A | Unaffected | N/A | N/A |
| VMware Tools | 12.x.x, 11.x.x, 10.3.x | Windows | CVE-2023-34058 | important | None | None |
4. References
Fixed Version(s) and Release Notes:
VMware Tools 12.3.5 (Windows)
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VMTOOLS1235&productId=1259&rPId=112353
https://docs.vmware.com/en/VMware-Tools/12.3/rn/vmware-tools-1235-release-notes/index.html
VMware Tools 12.1.1 (macOS)
Downloads and Documentation:
https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VMTOOLS1235&productId=1259&rPId=112353
https://docs.vmware.com/en/VMware-Tools/12.3/rn/vmware-tools-1235-release-notes/index.html
Mitre CVE Dictionary Links
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34058
FIRST CVSSv3 Calculator
CVE-2023-34057: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-34058: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
5. Change Log
2023-10-26 VMSA-2023-0024
Initial security advisory.
6. Contact
E-mail: [email protected]
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Twitter
https://twitter.com/VMwareSRC
Copyright 2023 VMware Inc. All rights reserved.