CVE-2023-20867

Public on 2023-06-13
Modified on 2024-07-10
Description
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
Severity
Low severity
Low
CVSS v3 Base Score
3.9
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core open-vm-tools 2023-07-17 ALAS2-2023-2139 Fixed
Amazon Linux 2023 open-vm-tools 2023-07-17 ALAS2023-2023-259 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
NVD CVSSv3 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N