Syneto Knowledge

Open a ticket

CVE-2023-20867 (VMware Tools Authentication Bypass Vulnerability)

Administrator

Written By Christian Castagna (Administrator)

Updated at January 27th, 2025

Table of Contents

Vulnerability description Solution

This article provides information on how to mitigate the CVE-2023-20867 vulnerability.

→ Applies to: VMware Tools (from 10.3.0 to 12.2.0 included)

 

Vulnerability description

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

SOURCES
NIST (https://nvd.nist.gov/vuln/detail/CVE-2023-20867)
VMware (https://www.vmware.com/security/advisories/VMSA-2023-0013.html)

 

Solution

Update VMware Tools with a not affected version (12.2.5 and above).

Related Articles

CVE-2024-6387 (regreSSHion attack)

This article provides information on how to mitigate the CVE-2024-6387 vulnerabil...

CVE-2023-48795 (Terrapin attack on SSH)

This article provides information on how to mitigate the CVE-2023-48795 vulnerabi...

CVE-2023-34058 (VMware Tools Token Signature Bypass Vulnerability)

This article provides information on how to mitigate the CVE-2023-34058 vulnerabi...

CVE-2023-34057 (VMware Tools Privilege Escalation Vulnerability)

This article provides information on how to mitigate the CVE-2023-34057 vulnerabi...