CVE-2023-20900: [Security Advisory] open-vm-tools: SAML token signature bypass vulnerability (CVE-2023-20900)
First published: Thu Aug 31 2023(Updated: )
VMware Tools could allow a remote attacker to bypass security restrictions, caused by improper SAML token signature verification. By utilize man-in-the-middle attack techniques, an attacker could exploit this vulnerability to perform VMware Tools Guest Operations
Credit: security@vmware.com security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/open-vm-tools | <=2:12.2.5-1<=2:12.2.0-1<=2:11.2.5-2 | 2:12.3.0-1 2:12.2.0-1+deb12u1 2:11.2.5-2+deb11u2 |
| IBM QRadar SIEM | <=7.5 - 7.5.0 UP7 | |
| All of | ||
| VMware Tools | >=10.3.0<12.3.0 | |
| Microsoft Windows | ||
| All of | ||
| VMware Tools | >=10.3.0<10.3.26 | |
| Linux Linux kernel | ||
| All of | ||
| Vmware Open Vm Tools | >=10.3.0<12.3.0 | |
| Linux Linux kernel | ||
| Fedoraproject Fedora | =37 | |
| Fedoraproject Fedora | =38 | |
| Fedoraproject Fedora | =39 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Debian Debian Linux | =12.0 | |
| NetApp ONTAP Select Deploy administration utility | ||
| All of | ||
| VMware Tools | >=10.3.0<12.3.0 | |
| Microsoft Windows | ||
| All of | ||
| VMware Tools | >=10.3.0<10.3.26 | |
| Linux Linux kernel | ||
| All of | ||
| Vmware Open Vm Tools | >=10.3.0<12.3.0 | |
| Linux Linux kernel | ||
| VMware Tools | >=10.3.0<12.3.0 | |
| Microsoft Windows | ||
| VMware Tools | >=10.3.0<10.3.26 | |
| Linux Linux kernel | ||
| Vmware Open Vm Tools | >=10.3.0<12.3.0 | |
| debian/open-vm-tools | <=2:10.3.10-1+deb10u2 | 2:10.3.10-1+deb10u6 2:11.2.5-2+deb11u2 2:11.2.5-2+deb11u3 2:12.2.0-1+deb12u2 2:12.3.5-4 |
| ubuntu/open-vm-tools | <2:11.0.5-4ubuntu0.18.04.3+ | 2:11.0.5-4ubuntu0.18.04.3+ |
| ubuntu/open-vm-tools | <12.3.0 | 12.3.0 |
| ubuntu/open-vm-tools | <2:11.3.0-2ubuntu0~ubuntu20.04.6 | 2:11.3.0-2ubuntu0~ubuntu20.04.6 |
| ubuntu/open-vm-tools | <2:12.1.5-3~ubuntu0.22.04.3 | 2:12.1.5-3~ubuntu0.22.04.3 |
| ubuntu/open-vm-tools | <2:12.1.5-3ubuntu0.23.04.2 | 2:12.1.5-3ubuntu0.23.04.2 |
| ubuntu/open-vm-tools | <2:10.2.0-3~ubuntu0.16.04.1+ | 2:10.2.0-3~ubuntu0.16.04.1+ |
| ubuntu/open-vm-tools | <2:12.2.5-1ubuntu1 | 2:12.2.5-1ubuntu1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://security-tracker.debian.org/tracker/CVE-2023-20900
- https://www.cve.org/CVERecord?id=CVE-2023-20900
- https://www.openwall.com/lists/oss-security/2023/08/31/1
- https://github.com/vmware/open-vm-tools/commit/74b6d0d9000eda1a2c8f31c40c725fb0b8520b16
- https://github.com/vmware/open-vm-tools/blob/stable-12.3.0/ReleaseNotes.md
- http://bzed.de
- http://www.debian.org
- https://security-tracker.debian.org/tracker/CVE-2023-20867
- https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/commit/3812674370c07c708744c0d1d497583dffa3d665
- https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/compare/15b2b38edd7834b7ad93ae25831fc7ef2bf7ce28...bullseye?from_project_id=38835&straight=false
- https://salsa.debian.org/vmware-packaging-team/pkg-open-vm-tools/-/compare/2231c605efb0564efee229d6c535033159cc92bc...bookworm?from_project_id=38835&straight=false
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050970
- https://exchange.xforce.ibmcloud.com/vulnerabilities/264792
- https://www.ibm.com/support/pages/node/7070736 (Advisory)
- https://www.vmware.com/security/advisories/VMSA-2023-0019.html
- http://www.openwall.com/lists/oss-security/2023/08/31/1
- http://www.openwall.com/lists/oss-security/2023/10/27/1
- https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/
- https://security.netapp.com/advisory/ntap-20231013-0002/
- https://www.debian.org/security/2023/dsa-5493
- https://launchpad.net/bugs/cve/CVE-2023-20900
- https://github.com/vmware/open-vm-tools/blob/CVE-2023-20900.patch/CVE-2023-20900.patch
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2236578
- https://access.redhat.com/errata/RHSA-2023:5213
- https://access.redhat.com/errata/RHSA-2023:5210
- https://access.redhat.com/errata/RHSA-2023:5216
- https://access.redhat.com/errata/RHSA-2023:5220
- https://access.redhat.com/errata/RHSA-2023:5217
- https://access.redhat.com/errata/RHSA-2023:5218
- https://access.redhat.com/errata/RHSA-2023:5312
- https://access.redhat.com/errata/RHSA-2023:5313
- https://bugzilla.redhat.com/show_bug.cgi?id=2236542
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20900
- https://www.vmware.com/security/advisories/VMSA-2023-0019
- https://github.com/vmware/open-vm-tools/tree/CVE-2023-20900.patch
- https://ubuntu.com/security/notices/USN-6365-1
- https://ubuntu.com/security/notices/USN-6365-2
- https://nvd.nist.gov/vuln/detail/CVE-2023-20900
- https://ubuntu.com/security/CVE-2023-20900
Frequently Asked Questions
What is the vulnerability ID of this security advisory?
The vulnerability ID of this security advisory is CVE-2023-20900.
What is the severity of CVE-2023-20900?
CVE-2023-20900 has a severity value of 7.5, which is classified as high.
What is the affected software for CVE-2023-20900?
The affected software for CVE-2023-20900 includes open-vm-tools with various versions.
How can I fix the vulnerability CVE-2023-20900?
To fix CVE-2023-20900, make sure to update open-vm-tools to the recommended versions provided by the software vendor.
Where can I find more information about CVE-2023-20900?
More information about CVE-2023-20900 can be found at the following references: [link1], [link2], [link3].
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/debian-bugs
- alias/CVE-2023-20900
- collector/ibm-support
- collector/launchpad-cve
- source/Launchpad
- collector/mitre-cve
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- collector/nvd-cve
- collector/nvd-index
- collector/oss-sec
- collector/redhat-bugzilla
- source/Red Hat
- collector/security-tracker-debian
- source/Debian
- collector/usn-cve
- source/Ubuntu
- package-manager/debian
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5 - 7.5.0 up7
- vendor/vmware
- canonical/vmware tools
- version/vmware tools/10.3.0
- vendor/microsoft
- canonical/microsoft windows
- vendor/linux
- canonical/linux linux kernel
- canonical/vmware open vm tools
- version/vmware open vm tools/10.3.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/37
- version/fedoraproject fedora/38
- version/fedoraproject fedora/39
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- version/debian debian linux/12.0
- vendor/netapp
- canonical/netapp ontap select deploy administration utility
- package-manager/ubuntu