PT-2023-3080
Solar Designer · Published 2023-06-13 · Updated 2026-01-05
CVE-2023-20867
CVSS v3.1: 3.9 (Low)
Vector: AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
VMware Tools versions prior to 12.2.5
VMware vCenter (affected versions not specified)
Description
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. The vulnerability is related to errors in the authentication procedure of the vgauth module in VMware Tools. Exploitation of this issue may allow an attacker to affect the confidentiality and integrity of protected information. Chinese state-sponsored group UNC3886 has been exploiting this vulnerability since 2021 to backdoor Windows, Linux, and PhotonOS systems.
Recommendations
For VMware Tools versions prior to 12.2.5, update to version 12.2.5 or later to resolve the issue.
For VMware vCenter, update to the latest version to account for this vulnerability.
As a temporary workaround, consider restricting access to the vulnerable vgauth module until a patch is available.
Avoid using the vulnerable authentication mechanism in host-to-guest operations until the issue is resolved.
At the moment, there is no additional information about other mitigation measures.
Weakness Enumeration
Improper Authentication
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
ESXi
Linux Mint
PhotonOS
Red Hat
Rocky Linux
SUSE
Ubuntu
VMware Tools
VMware vCenter
Windows