VMSA-2023-0019

• VMware Tools

A SAML token signature bypass vulnerability in VMware Tools was responsibly reported to VMware. Updates are available to remediate this vulnerability in the affected VMware products.

VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.

To remediate CVE-2023-20900 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

None.

None.

[1] VMware Tools 10.3.26 only applies to the older Linux releases.
[2] A version of open-vm-tools that addresses CVE-2023-20900 will be distributed by Linux vendors. 
[3] Fixed versions may differ based on the Linux distribution version and the distribution vendor.

 VMware would like to thank Peter Stöckli of GitHub Security Lab for reporting this issue to us.

Fixed Version(s) and Release Notes:

VMware Tools for Windows 12.3.0
Downloads and Documentation:

VMware Tools for Linux 10.3.26
Downloads and Documentation:

Mitre CVE Dictionary Links:

FIRST CVSSv3 Calculator:
CVE-2023-20900: 

2023-08-31 VMSA-2023-0019
Initial security advisory.

2023-09-05 VMSA-2023-0019.1
Updated VMSA to clarify the known attack vectors.

E-mail: security@vmware.com

PGP key at:

VMware Security Advisories

VMware Security Response Policy

VMware Lifecycle Support Phases

VMware Security & Compliance Blog  

Twitter

Copyright 2023 VMware Inc. All rights reserved.