PT-2023-6488 · Vmware+10 · Vmware Tools+10

Published

2023-10-26

·

Updated

2024-06-15

·

CVE-2023-34058

CVSS v3.1

7.5

High

VectorAV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions VMware Tools (affected versions not specified)
Description VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Privilege Assignment

Improper Authorization

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-266CWE-285CWE-347

Related Identifiers

ALSA-2023:7265
ALSA-2023:7277
ALT-PU-2023-6667
ALT-PU-2024-1233
ALT-PU-2024-1863
ALT-PU-2024-3160
AZL-31718
BDU:2023-07234
BDU:2024-02571
CESA-2023_7265
CESA-2023_7279
CVE-2023-34058
DLA-3646-1
DSA-5543-1
MGASA-2024-0058
OESA-2023-1831
OESA-2023-1832
OESA-2023-1833
OPENSUSE-SU-2023_4227-1
OPENSUSE-SU-2024:13374-1
RHSA-2023:7260
RHSA-2023:7261
RHSA-2023:7262
RHSA-2023:7263
RHSA-2023:7264
RHSA-2023:7265
RHSA-2023:7267
RHSA-2023:7276
RHSA-2023:7277
RHSA-2023:7279
RHSA-2023_7265
RHSA-2023_7277
RHSA-2023_7279
RLSA-2023:7265
SUSE-SU-2023:4227-1
SUSE-SU-2023:4228-1
SUSE-SU-2023:4229-1
SUSE-SU-2023:4230-1
SUSE-SU-2023_4227-1
SUSE-SU-2023_4228-1
SUSE-SU-2023_4229-1
SUSE-SU-2023_4230-1
USN-6463-1
USN-6463-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Vmware Tools