VMware Tools: Vulnerability allows attackers to perform unauthorized actions on guests

2023-08-31 12:09:00

A vulnerability exists in VMware tools that allows attackers in a man-in-the-middle position between vCenter Server and the virtual machine to perform unauthorized access and actions. Updates are available to fix the vulnerability.

Advertisement

VMware Tools are designed to enable better management and seamless user interaction with guest operating systems. For example, they improve performance significantly and should therefore be installed by default by most users.

VMware Tools: Security token validation bypass

The vulnerability lies in a possible bypass of the verification of so-called SAML tokens. They transmit authentication information, for example. At a man-in-the-middle position between the vCenter Server and the virtual machine, malicious actors can bypass the SAML token validation and thereby perform operations in the guest using VMware Tools. They are potentially comprehensive, since the VMware tools provide drivers for graphics output, keyboard, mouse, drive and network access, for example. The developers therefore classify the vulnerability as a serious threat (CVE-2023-20900, CVSS 7.5Risk “hoch“).

VMware does not name temporary countermeasures. However, in the security advisory, they list the bug-fixed versions of VMware Tools. Version 12.3.0 corrects the error under Linux and Windows for the affected branches 10.3.x, 11.xx and 12.xx Under Linux there is also version 10.3.26 for older releases. The version with error correction depends on the version of the Linux distribution and the “distributor”.

On the current Download page for Windows as well as on the page for Linux you will find the software packages with the corrections. Only the 10.3.26 version is available there for Linux; newer packages usually come from the distribution as the open-vm-tools package.

Related Articles:  Alan Wake 2 will get a playable demo before launch

Only on Wednesday of this week VMware had to close a critical security gap in VMware Aria Operations for Networks. It allows attackers to gain access without prior login.

Advertisement

(dmk)

To home page

1693486824
#VMware #Tools #Vulnerability #attackers #perform #unauthorized #actions #guests

Related posts:

OnePlus 10 Pro India launch date set, official teaser expected soon
NASA said the eruption of the Tonga volcano caused 58,000 Olympic pools of water to erupt into the a...
First industrial-scale factory for microcapsules from start-up Calyxia
IOS bug causing the iPhone to send message read receipts even if it is disabled
Scientists witness for the first time the 'tipping point' of Alzheimer's disease in the laboratory
PlayStation VR 2: Sony unveils the first images of its new virtual reality headset!
Call of Duty: a cheater caught in the act becomes the laughingstock of the web
Filtered a video of the Samsung Galaxy S23 Ultra box. Does it come with a charger?

Debunking Estate Planning Myths: Why Planning Your Inheritance is Essential for Everyone

Restoring Security in Brussels Midi Station District: Reinforcing Police Presence in the ‘District of Shame’

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.