Important
VMSA-2023-0024
7.5 – 7.8
2023-10-26
2023-10-26 (Initial Advisory)
CVE-2023-34057, CVE-2023-34058
VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities (CVE-2023-34057, CVE-2023-34058)
1. Impacted Products
- VMware Tools
2. Introduction
Multiple vulnerabilities in VMware Tools were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.
3a. Local privilege escalation vulnerability in VMware Tools (macOS) (CVE-2023-34057)
Description
VMware Tools contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
Known Attack Vectors
A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
Resolution
To remediate CVE-2023-34057 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Dan Revah of Google for reporting this issue to us.
3b. SAML Token Signature Bypass vulnerability in VMware Tools (CVE-2023-34058)
Description
VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.
Known Attack Vectors
A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
Resolution
To remediate CVE-2023-34058 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds
None.
Additional Documentation
None.
Notes
- While the description and known attack vectors are very similar to CVE-2023-20900, CVE-2023-34058 has a different root cause that has now been addressed.
- CVE-2023-34058 also impacts open-vm-tools. Fixes have been provided to the Linux community for distribution.
Response Matrix
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|
VMware Tools
|
12.x.x, 11.x.x, 10.3.x
|
macOS
|
CVE-2023-34057
|
important
|
None
|
None
|
||
|
VMware Tools
|
12.x.x, 11.x.x, 10.3.x
|
Windows
|
CVE-2023-34057
|
N/A
|
N/A
|
Unaffected
|
N/A
|
N/A
|
|
VMware Tools
|
12.x.x, 11.x.x, 10.3.x
|
macOS
|
CVE-2023-34058
|
N/A
|
N/A
|
Unaffected
|
N/A
|
N/A
|
|
VMware Tools
|
12.x.x, 11.x.x, 10.3.x
|
Windows
|
CVE-2023-34058
|
important
|
None
|
None
|
4. References
5. Change Log
2023-10-26 VMSA-2023-0024
Initial security advisory.
6. Contact
E-mail: security@vmware.com
VMware Security Advisories
VMware Security Response Policy
VMware Lifecycle Support Phases
VMware Security & Compliance Blog
Copyright 2023 VMware Inc. All rights reserved.
