oss-sec mailing list archives

[Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900)

From: VMware Security Response Center <security () vmware com>
Date: Thu, 31 Aug 2023 09:26:26 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


Please see the security advisory here: https://www.vmware.com/security/advisories/VMSA-2023-0019.html 

Description
==============================================================
CVE-2023-20900: VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of 
this issue to be in the Important severity range with a maximum CVSSv3.1 base score of 7.5 - 
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H.

Known Attack Vectors
==============================================================
A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may 
be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.

Upstream fix for CVE-2023-20900
==============================================================
https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
-----BEGIN PGP SIGNATURE-----

iHUEAREIAB0WIQQ950nPZL1VtgrpULuSf/JD335VcQUCZPBa5gAKCRCSf/JD335V
cZZTAP9QYJDWCzECKYakbqu4fui7CditlHnew0qs0KjG9qfC3QEA7wLPBfudDBkj
ivy2KsHabG03funx8dWl/x77TfFbUlI=
=sAT7
-----END PGP SIGNATURE-----

Current thread:

[Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900) VMware Security Response Center (Aug 31)